Chain your SSL certificate

When applying a domain certificate, you must chain the certificate with the root and intermediate certificates in the order determined by your signing authority. If there are two or more intermediate certificates included, you must include both certificates during chaining process.

Certificates are only available at the System Level for the System or Product Administrator level accounts. Service Organization and Customer or Site level accounts can not access this feature.

To create a chained certificate, contact your certificate authority (CA) and request a bundle that you can import into a Java web server using chained certificates. If there is no generic Java-based web server option available, N-able recommends using Jetty or Tomcat. If no bundle is available, some vendors can provide the necessary CA root and intermediate certificate files for download, which will require you to download them individually.

Once you have all of the CA certificates, you must then create the chained certificate. Copy all of the certificates into a single text file in hierarchical order.

For pre-chain signing authorities, the order of the chain is:

  • Your Certificate
  • Intermediate Certificate
  • Root Certificate

For post-chain signing authorities, the order of the chain is:

  • Root Certificate
  • Intermediate Certificate
  • Your Certificate

After you prepare the chained certificate, upload the certificate. When uploading the certificate, you can either paste the chained certificate into the text box or use the file upload facility. As a general rule, it is better to rely on the file upload as the text box has a finite character limit of approximately 1300 characters. Certificate chains can easily exceed that limit.