Broken SSL/TLS certificate chains from missing intermediates can cause trust errors. Learn how to diagnose and fix them by installing a complete chain.
Browser Trust Errors
If you have installed a new SSL/TLS certificate on your web server but visitors are experiencing browser trust errors such as Not Secure, or Your Connection Is Not Private, please make sure that a complete intermediate certificate chain has been installed. In Google Chrome, a common error message of this type is NET::ERR_CERT_AUTHORITY_INVALID. All of the following browser errors resulted from installing a valid certificate, but with a broken chain caused by missing intermediates:
Not Secure trust warning
NET::ERR_CERT_AUTHORITY_INVALID trust warning in Chrome browser window.
This Connection Is Not Private.For more examples of browser error messages resulting from missing intermediate certificates, please refer to our guide on Troubleshooting SSL/TLS Browser Errors and Warnings.
Diagnosing the Problem
You can check for missing intermediate certificates with SSL Shopper’s SSL Checker. The screenshot below reveals the situation that produced the errors shown above:
Solving the Problem
When you download your certificate from your SSL.com user account using the link for your server platform, you receive a zipped file that includes both the certificate and any necessary supporting files. If you only wish to download the intermediate certificates, you can also use the CA bundle download link.
Installation of intermediates varies by server platform. For specific instructions on how to install the required intermediate certificates on your server and create a complete chain, please refer to our certificate installation documentation.
Confirm the Fix
With all supporting certificates installed on the same server that produced the “not trusted” errors shown above, SSL Checker shows a complete chain, and the browser trust errors are gone:
