Install Intermediate Certificates To Avoid SSL/TLS Not Trusted

Browser Trust Errors

If you have installed a new SSL/TLS certificate on your web server but visitors are experiencing browser trust errors such as Not Secure, or Your Connection Is Not Private, please make sure that a complete intermediate certificate chain has been installed. In Google Chrome, a common error message of this type is NET::ERR_CERT_AUTHORITY_INVALID. All of the following browser errors resulted from installing a valid certificate, but with a broken chain caused by missing intermediates:

Chrome address bar with Not Secure trust warning
Chrome address bar with Not Secure trust warning
Chrome trust warning
NET::ERR_CERT_AUTHORITY_INVALID trust warning in Chrome browser window.
Apple Safari browser warning
Trust warning in Apple Safari browser window, stating This Connection Is Not Private.

For more examples of browser error messages resulting from missing intermediate certificates, please refer to our guide on Troubleshooting SSL/TLS Browser Errors and Warnings.

Note: You may not see these trust errors in Firefox, even if they are present in other browsers. This is because Firefox caches intermediate certificates in its own certificate store; if you previously visited a website that included any intermediates missing from your server, Firefox will use them to make a complete certificate chain when necessary.

Diagnosing the Problem

You can check for missing intermediate certificates with SSL Shopper’s SSL Checker. The screenshot below reveals the situation that produced the errors shown above:

Missing intermediate chain

Solving the Problem

When you download your certificate from your SSL.com user account using the link for your server platform, you receive a zipped file that includes both the certificate and any necessary supporting files. If you only wish to download the intermediate certificates, you can also use the CA bundle download link.

Certificate download by platform

Installation of intermediates varies by server platform. For specific instructions on how to install the required intermediate certificates on your server and create a complete chain, please refer to our certificate installation documentation.

Confirm the Fix

With all supporting certificates installed on the same server that produced the “not trusted” errors shown above, SSL Checker shows a complete chain, and the browser trust errors are gone:

Complete certificate chain

Secure connection

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.