Broken SSL/TLS certificate chains from missing intermediates can cause trust errors. Learn how to diagnose and fix them by installing a complete chain.
Need a certificate? SSL.com has you covered. Compare options here to find the right choice for you, from S/MIME and code signing certificates and more.
Browser Trust Errors
If you have installed a new SSL/TLS certificate on your web server but visitors are experiencing browser trust errors such as Not Secure, or Your Connection Is Not Private, please make sure that a complete intermediate certificate chain has been installed. In Google Chrome, a common error message of this type is NET::ERR_CERT_AUTHORITY_INVALID. All of the following browser errors resulted from installing a valid certificate, but with a broken chain caused by missing intermediates:
For more examples of browser error messages resulting from missing intermediate certificates, please refer to our guide on Troubleshooting SSL/TLS Browser Errors and Warnings.
Note: You may not see these trust errors in Firefox, even if they are present in other browsers. This is because Firefox caches intermediate certificates in its own certificate store; if you previously visited a website that included any intermediates missing from your server, Firefox will use them to make a complete certificate chain when necessary.
Diagnosing the ProblemYou can check for missing intermediate certificates with SSL Shopper's SSL Checker. The screenshot below reveals the situation that produced the errors shown above:
Solving the ProblemWhen you download your certificate from your SSL.com user account using the link for your server platform, you receive a zipped file that includes both the certificate and any necessary supporting files. If you only wish to download the intermediate certificates, you can also use the CA bundle download link.
Installation of intermediates varies by server platform. For specific instructions on how to install the required intermediate certificates on your server and create a complete chain, please refer to our certificate installation documentation.
Confirm the FixWith all supporting certificates installed on the same server that produced the "not trusted" errors shown above, SSL Checker shows a complete chain, and the browser trust errors are gone:
Video: Troubleshooting SSL/TLS Browser Errors and Warnings