- Online SSL checker (such as thawte CryptoReport, Qualsys SSL Labs, SSL Shopper) shows an error like:
Intermediate certificate missing
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
This server's certificate chain is incomplete
A browser can show:
Your connection is not private NET::ERR_CERT_AUTHORITY_INVALID
Browser is rejecting certificates based on the intermediate one
When trying to log in via an e-mail client, one of the following errors is shown:
The server you are connected to is using a security certificate that cannot be verified. The target principal name is incorrect.
Could not verify this certificate because the issuer is unknown
The certificate consists of 3 parts:
- *.key file private key;
- *.crt - certificate itself;
- *-ca.crt - certificate of Certificate Authority.
The error means Certificate Authority (ca.crt) part of a certificate is missing.
*.key / *.crt / *-ca.crt parts of the certificate should be provided by your Certificate Authority.
Contact the certificate issuer and ask to provide CA part of the certificate:
Rename the existing certificate under Plesk > Domains > example.com > SSL/TLS Certificates > certificate _name > Rename.
Then, install the certificate again. All three parts should be uploaded/filled for the certificate: