Chain your SSL certificate

The purpose of chaining your SSL certificates is to link multiple certificates together to establish an SSL chain of trust from the end-entity certificate (server certificate) to a trusted root certificate authority (CA).

When applying a domain certificate, you must chain the certificate with the root and intermediate certificates in the order determined by your CA. If there are two or more intermediate certificates included, you must include both certificates during chaining process. The order typically starts with the server certificate (End-entity certificate) followed by the first intermediate certificate, then the second intermediate certificate etc. and then the root (CA) certificate in the chain.

Certificates are only available at the System level for the System or Product Administrator level accounts. Service Organization and Customer or Site level accounts can not access this feature.

To create a chained certificate, contact your CA and request a bundle that you can import into a Java web server using chained certificates. If there is no generic Java-based web server option available, N-able recommends using Jetty or Tomcat. If no bundle is available, some vendors can provide the necessary CA root and intermediate certificate files for download, which will require you to download them individually.

After you have all of the CA certificates, create the chained certificate by copying all of the certificates into a single text file in hierarchical order.

For pre-chain CAs, the order of the chain is:

• server certificate
• intermediate certificate(s)
• root certificate

For post-chain CAs, the order of the chain is:

• root certificate
• intermediate certificate(s)
• server certificate

After you prepare the chained certificate, upload the certificate. When uploading the certificate, you can either paste the chained certificate into the text box or use the file upload facility. As a general rule, it is better to rely on the file upload as the text box has a finite character limit of approximately 1300 characters. Certificate chains can easily exceed that limit.