Installing Intermediate Certificates

Missing intermediate certificates cause most trust errors. Servers must present the complete chain from server certificate to root CA. Many administrators forget to install intermediate certificates, breaking the trust chain even with valid certificates.

Proper certificate chain installation:

# Nginx - concatenate certificates
cat server.crt intermediate.crt > fullchain.pem

server {
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/private.key;
}

# Apache - separate directives
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt