Start Exploring Keyword Ideas

Use Serpstat to find the best keywords for your website

How-to 6 min read September 30, 2019

How to configure the chain of SSL certificates and why it is necessary

An SSL certificate is required when switching to the HTTPS protocol, which provides a secure connection and user data protection. Using SSL provides for the confirmation of a domain name when connecting to a browser. For a number of devices and applications, a domain certificate is not enough — you must configure the certificate chain.

What is a chain of certificates

Installing an SSL certificate is an important step when switching to the secure protocol HTTPS — it ensures the safety of personal data. Such a website causes more trust among users. Also, the security of a web resource can affect its position in the search results.

As a rule, a single certificate is sufficient to encrypt the information sent between the visitor's browser and the server. However, some resources require greater reliability and multi-level protection. For example, a banking resource involves large financial transactions. In this case, an SSL certificate is required, which contains not only the certificate for the domain but the certificate chain (CA Bundle).

The SSL certificate chain includes certificates of guarantors confirming the validity of the document as a whole. The CA Bundle structure is as follows:
Root certificate.
Certificates of intermediaries (Intermediate).
Each certificate in the chain has an electronic digital signature, linking it to the certificate one step below. Root CA is the top link in the certificate hierarchy. Clarification of CA (Certificate Authority) means that certificates are issued by a certification authority that confirms the authenticity of the encryption keys with this document.
SSL certificate chain scheme

How to set up an SSL certificate chain

The structure of the chain links depends on the type of certificate. As a rule, this sequence can be obtained along with a domain certificate by e-mail or downloaded on the website of the SSL provider that issued the certificate. In this case, the guarantor is a certification authority. The next step is to configure the SSL chain. There are two ways to do this.

Create a text document

To do this, place the certificate chain as a list in a text document. What the CA Bundle looks like can be seen in the example below — certificates with the .crt extension are placed in the specified sequence:

  • CARoot.crt
  • Intermediate1.crt
  • Intermediate2.crt
  • Intermediate3.crt
  • domain.crt

The CARoot.crt file here is the root certificate; the Intermediate file bundle acts as intermediaries, domain.crt is a domain certificate. There can be many guarantors in the chain. The main task is to ensure that all links in the chain are digitally linked to each other.

The text file with the certificate chain should be saved as

Use the command line

In this line, you need to list the intermediary certificates in order and end the sequence by specifying the file name.

Errors in setting up the certificate chain

The server certificate chain is incomplete

Sometimes you can get a signal that the certificate chain is broken or incomplete. This, as a rule, indicates a problem with intermediate certificates — their absence in the chain, incorrect sequence, expiration of one of the certificates.

You can check the chain settings using online services. For example, SSL Shopper or SSL Checker.
The server's certificate chain is incomplete and the signers are not registered
To fix the error, you need to export each intermediate certificate in a chain and associate the Intermediate / chain with the root certificate. A correctly configured certificate chain will be a signal for the browser that the website can be trusted.

Failed to validate the certificate chain

Another common mistake is the inability to build a certificate chain. This signals an internal error and is often associated with a lack of a valid root certificate. The solution to this problem is to install the root certificate of the Certification Authority.
Error signing data: Unable to build certificate chain for trusted root center


A chain of certificates will be an additional way to confirm the reliability of a resource. Using the file structure, acting as guarantor, you can confirm the validity of the SSL certificate.

Setting up a chain and checking the correctness of its operation will expand the possibilities of using a web resource in various applications. Special online services will help you quickly identify errors in the chain.
This article is a part of Serpstat's "Site Audit" tool
SEO Audit in Serpstat" title = "How to configure the chain of SSL certificates and why it is necessary 16261788346350" />
Audit all the site or page in one click. A complete list of errors, sorted by severity, ways to resolve them and recommendations. Any frequency of verification and automatic email reports.
Run Site Audit

Speed up your search marketing growth with Serpstat!

Keyword and backlink opportunities, competitors' online strategy, daily rankings and SEO-related issues.

A pack of tools for reducing your time on SEO tasks.

Get free 7-day trial

Rate the article on a five-point scale

The article has already been rated by 3 people on average 2 out of 5
Found an error? Select it and press Ctrl + Enter to tell us

Discover More SEO Tools

Tools for Keywords

Keywords Research Tools – uncover untapped potential in your niche

Serpstat Features

SERP SEO Tool – the ultimate solution for website optimization

Keyword Difficulty Tool

Stay ahead of the competition and dominate your niche with our keywords difficulty tool

Check Page for SEO

On-page SEO checker – identify technical issues, optimize and drive more traffic to your website

Share this article with your friends

Are you sure?

Introducing Serpstat

Find out about the main features of the service in a convenient way for you!

Please send a request, and our specialist will offer you education options: a personal demonstration, a trial period, or materials for self-study and increasing expertise — everything for a comfortable start to work with Serpstat.




We are glad of your comment
I agree to Serpstat`s Privacy Policy.

Thank you, we have saved your new mailing settings.

Report a bug

Open support chat
mail pocket flipboard Messenger telegramm