If your Microsoft Windows server lacks intermediate or root certificates to establish a complete certificate chain and return it to the client during the SSL handshake, or if you received the server and intermediate certificates from the Certification Authority in separate files, you can import the intermediate and root certificates via Windows Microsoft Management Console (MMC).
As a rule, intermediate and root certificates can be taken from the sites of the Certificate Authorities (COMODO, RapidSSL, GeoTrust, Thawte, Symantec) that issue the certificates. Please contact our Support Team if you are having difficulties in finding the correct files to import.
The instructions are similar for all Windows distributions, however the interface may differ a bit. Here are the steps you need to follow to perform the import.
- Open Microsoft Management console. To do this, press Win+R, type in mmc and click OK:
- Click File and choose the Add/Remove Snap-in option:
- In the ‘Add or Remove Snap-ins’ window select the Certificates snap-in and click the Add button:
- Choose Computer account:
- Select Local Computer to manage the snap-in:
- ‘Certificates (Local Computer)’ snap-in will be selected. Click OK to add it to console:
- To import an intermediate certificate, right-click on the Intermediate Certification Authorities store > All Tasks > Import:
- This will start a Certificate Import wizard:
- Locate the intermediate certificate that you want to import on your machine using Browse button. Click Next:
- The import wizard will prompt you to place the certificate into the single store. Leave Intermediate Certification Authorities as the certificate store. If you have a PKCS7 file with several certificates in it, you can choose ‘Automatically select the certificate store based on the type of certificate’, and MMC will place the certificates from the file to the corresponding stores. Once any is selected, click Next:
- To complete the wizard, click Finish. The certificate is successfully imported:
To import the root certificate, right-click on the Trusted Root Certification Authorities store > All Tasks > Import. Then follow the steps 8-11 to complete the Certificate Import Wizard for a root certificate:
Note: as a rule, root certificates from the Certification Authorities whose certificates we sell (COMODO, RapidSSL, GeoTrust, Thawte, Symantec) are already included in the trusted stores of Windows servers. Import of root certificates using MMC is needed only if the trusted root certificate was not included to the console initially or was deleted intentionally.