How to resolve untrusted or unknown issuer warnings due to incomplete certificate chain issues?
Overview
When installing an SSL/TLS certificate on a server, it is essential to include all intermediate certificates along with the leaf (end-entity) certificate. Intermediate certificates form the link between the server certificate and the trusted root certificate authority (CA). Without these, browsers cannot build a complete certificate chain, resulting in “Untrusted” or “Unknown Issuer” warnings.
Why Intermediate Certificates Matter
- Intermediate certificates act as a bridge between the leaf certificate and the root certificate.
- If an intermediate certificate is missing, browsers fail to validate the chain and flag the certificate as an untrusted or unknown issuer.
- This issue can negatively impact user trust and SEO rankings due to security warnings.
How to Verify Your Certificate Chain
Use SSL testing tools such as SSL Labs or SSL Checker. These tools help confirm whether your certificate chain is complete and properly configured.
Steps to Fix Missing Intermediate Certificates
- Check the certificate chain using SSL testing tools.
- Download and install the correct intermediate certificate on your server. Be mindful that steps vary by platform (e.g., Windows Server, Apache, NGINX).
- Restart your web server after installation to apply changes.
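The failure and its fix can be reproduced offline with OpenSSL. This added example (not from the original article or from Sectigo) builds a constructed root, intermediate and leaf, then validates a leaf-only server file and a full-chain file while trusting only the root; every subject name, file name and function name in it is made up for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. Constructed throwaway PKI (all names invented for the demo):
#   Demo Root CA -> Demo Intermediate CA -> www.example.test

# issue_cert DIR NAME SUBJECT EXTFILE [ISSUER]; no ISSUER means self-signed.
issue_cert() {
  local d="$1" name="$2" subj="$3" ext="$4" issuer="${5:-}"
  openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
    -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
  if [ -z "$issuer" ]; then
    openssl x509 -req -in "$d/$name.csr" -signkey "$d/$name.key" -days 30 \
      -extfile "$ext" -out "$d/$name.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$name.csr" -CA "$d/$issuer.pem" \
      -CAkey "$d/$issuer.key" -CAcreateserial -days 30 \
      -extfile "$ext" -out "$d/$name.pem" 2>/dev/null
  fi
}

make_demo_pki() {
  local d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test\n' > "$d/leaf.ext"
  issue_cert "$d" root  "/CN=Demo Root CA"         "$d/ca.ext"         || return 1
  issue_cert "$d" inter "/CN=Demo Intermediate CA" "$d/ca.ext" root    || return 1
  issue_cert "$d" leaf  "/CN=www.example.test"     "$d/leaf.ext" inter || return 1
  cp "$d/leaf.pem" "$d/leaf-only.pem"                    # misconfigured server file
  cat "$d/leaf.pem" "$d/inter.pem" > "$d/fullchain.pem"  # corrected server file
}

# served_chain_ok ROOT BUNDLE: validate the first certificate in BUNDLE, letting
# the verifier use the other certificates in BUNDLE as untrusted intermediates.
served_chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
  local d f; d="$(mktemp -d)" || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  for f in leaf-only.pem fullchain.pem; do
    if served_chain_ok "$d/root.pem" "$d/$f"; then echo "$f: chain complete"
    else echo "$f: verification failed, issuer certificate missing"; fi
  done
  rm -rf "$d"
}
demo
```

The same `served_chain_ok` check can be pointed at the certificate file your web server is configured to serve, with your CA's root certificate as the first argument.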
Best Practices
- Always install the full certificate chain provided by your Certificate Authority (Sectigo).
- Test your SSL configuration after installation using SSL Labs or SSL Checker.
- Keep intermediate certificates updated during renewals to avoid chain breaks.