Certificate appears as not trusted even if the root CA is trusted
Originally Published: 2006-05-19
Article Number
000057705
Applies To
Microsoft Internet Explorer 6.x
Microsoft Internet Information Server (IIS)
Keon Certificate Authority
Issue
Certificate appears as not trusted even if the root CA is trusted
Error: "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificate authority."
CA1 is signed by a Trusted Root CA in Internet Explorer. CA1 signs SSLServerCertificateA and SSLServerCertificateB.
SSLServerCertificateA is installed on WebServerA.
SSLServerCertificateB is installed on WebServerB.

When reaching WebServerA, no security warning shows up. When looking at the SSLServerCertificateA chain, the full certificate chain shows up and is valid.
When reaching WebServerB, the security warning DOES show up. When looking at the SSLServerCertificateB chain, the full chain does not show up.

SSLServerCertificateA and SSLServerCertificateB both have the same Issuer and AKI (Authority Key Identifier).
Cause
WebServerA has CA1 in its Intermediate Trusted CA store. WebServerB does not have CA1 in its Intermediate Trusted CA store, so it cannot present CA1 to the client, which is why the certificate chain is broken.
Resolution
Given the above example, WebServerB must have CA1 in the Intermediate Trusted CA store so it can present the full chain to the client.

You must install the entire CA certificate chain in your web server's Trusted CA store. Follow your web server's guide on how to install CA certificates.
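
The broken chain described above can be reproduced offline with OpenSSL. This is an added example, not part of the original article or any vendor tooling. It builds a constructed lab PKI (the names Lab Root CA, Lab CA1 and webserverb.example.test are assumptions) and models a client that trusts only the root, with `-untrusted` standing in for the intermediate certificates the web server presents.

```shell
#!/bin/sh
# Constructed lab PKI (all names invented): Lab Root CA -> Lab CA1 -> server cert.
# Models the article's client, which trusts only the root CA.

new_csr() {  # new_csr <path-prefix> <CN>: writes <prefix>.key and <prefix>.csr
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_pki() {  # make_pki <dir>: builds root.pem, ca1.pem and srv.pem in <dir>
    d=$1
    # Extensions that mark the root and CA1 as CA certificates.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    new_csr "$d/root" "Lab Root CA" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    new_csr "$d/ca1" "Lab CA1" &&
    openssl x509 -req -in "$d/ca1.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/ca1.pem" 2>/dev/null &&
    new_csr "$d/srv" "webserverb.example.test" &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca1.pem" -CAkey "$d/ca1.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

# verify_chain <dir> [intermediates.pem]
# Succeeds only if srv.pem chains to the trusted root. The optional file stands
# for the intermediate certificates the web server sends along with its own.
verify_chain() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/srv.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1/root.pem" "$1/srv.pem" >/dev/null 2>&1
    fi
}

lab=$(mktemp -d) && make_pki "$lab" || { echo "openssl setup failed" >&2; exit 1; }
# WebServerB case: the server sends only its own certificate.
verify_chain "$lab" && echo "B: chain OK" || echo "B: chain broken, CA1 not presented"
# WebServerA case: the server also sends CA1.
verify_chain "$lab" "$lab/ca1.pem" && echo "A: chain OK" || echo "A: chain broken"
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether CA1 is included.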