To install the intermediate certificates into the IIS servers, please view the following:
Step 1:
Download the Intermediate certificates applicable to your product:
SSL123:
SSL Web Server / SSL Web Server Wildcard:
SGC:
Thawte SGC Intermediates (certificate requested before 10.10.2010)
Thawte SGC CA - G2 and VeriSign Class 3 Public Primary Certification Authority - G5 (certificate requested after 10.10.2010)
Thawte Extended Validation:
When saving the intermediate certificates change the .pem extension to .cer or .crt.
Step 2:
Add Certificate Snap-in within IIS: SO1849
Step 3: Installing the Thawte Primary Root CA and Intermediate CA
Note: Follow the same steps below to import the Thawte Primary Root CA and Intermediate or your certificate will not work correctly.
1) Open the Microsoft Management Console (MMC) => Computer-Konto !!!
2) Click on Certificates from the left pane
3) Double-click on Intermediate Certification Authorities from the right pane
4) Right-click on Certificates folder from the right pane and select All Tasks > Import to open the Certificate Import Wizard
5) Click on the Next button
6) Specify the location of the Thawte Primary Root CA by browsing to it and click on the Next button
7) By default, it will place the certificate in the Intermediate Certification Authorities store. Keep this selection and click on the Next button.
8) Click on the Finish button
9) A message will appear confirming the successful import of the certificate. Click on the OK button.
2) Click on Certificates from the left pane
3) Double-click on Intermediate Certification Authorities from the right pane
4) Right-click on Certificates folder from the right pane and select All Tasks > Import to open the Certificate Import Wizard
5) Click on the Next button
6) Specify the location of the Thawte Primary Root CA by browsing to it and click on the Next button
7) By default, it will place the certificate in the Intermediate Certification Authorities store. Keep this selection and click on the Next button.
8) Click on the Finish button
9) A message will appear confirming the successful import of the certificate. Click on the OK button.
Note: Please ensure that you have followed the same steps above to import the Intermediate CA as well.
Step 4: Check the following for the SSL123, SSL Web Server/ Wildcard, Extended Validation:
With MMC and the Certificates snap-in still open, expand the Trusted Root Certification Authorities folder on the left and select the Certificates sub-folder.
Locate the following certificate:
Common Name - thawte Primary Root CA
Expiry Date - 17th July 2036
Thumbprint - 91 c6 d6 ee 3e 8a c8 63 84 e5 48 c2 99 29 5c 75 6c 81 7b 81
If this certificate is present, it must be disabled.
For the SGC certficiate please check:
Common Name - VeriSign Class 3 Public Primary Certification Authority - G5 valid until July 17, 2036
If this certificate is present, it must be disabled.
1) Right click the certificate
2) Select Properties
3) In the Certificate purposes section, select 'Disable all purposes for this certificate
4)Click the 'OK' button.
Close MMC - there is no need to save console settings.
If your site still has the chaining error, restart the IIS service. If the problem continues, the whole server needs a restart to use the new roots.
