You Are Here:

United Kingdom Home > Support > Advisories > Where Can I Obtain the VeriSign Intermediate CA Certificate?

Advisories

Where Can I Obtain the VeriSign Intermediate CA Certificate?

Where can I obtain the VeriSign Intermediate CA Certificate?

You can obtain the VeriSign Intermediate Certificate Authority (CA) Certificate at this URL: https://www.verisign.com/support/verisign-intermediate-ca/index.html

Why do I need the VeriSign Intermediate CA Certificate?

As of April 2006, all SSL certificates issued by VeriSign require the installation of an Intermediate CA certificate.

The SSL certificates are signed by an Intermediate CA using a two-tier hierarchy (also known as trust chain) which enhances the security of your SSL certificates.

Figure A

In Figure A, it shows the chain of trust stemming from the VeriSign Class 3 Public Primary CA (Root CA). You will notice that there are several Intermediate CA Certificates signed by this Root CA. They include the VeriSign Class 3 Secure Server CA and www.verisign.com/CPS Incorp.by Ref.LIABILITY LTD.(c)97 VeriSign. These Intermediate CA Certificates sign the end-entity certificates (your SSL certificates). Please note the VeriSign Class 3 Public Primary CA also signs Intermediate CAs for other products, such as Code Signing and OFX Certificates.

Figure B

In Figure B, it shows how a browser validates the chain of trust. In this example, we are using Microsoft Internet Explorer. The end-entity SSL certificate is at the bottom of the chain and the Root CA is at the top of the chain. The Intermediate CA certificate is what allows the SSL Certificate to properly chain up to the root.

What will happen if the VeriSign Intermediate CA Certificate is not installed?

If the proper Intermediate CA is NOT installed on the server, your customers will see browser errors as shown in Figure C (Internet Explorer security warning) and Figure D (Internet Explorer Certificate path image with a broken chain).

Customers at this point may choose not to proceed and close their browser.

Figure C

Figure D

How do I install the VeriSign Intermediate CA Certificate?

For instructions to install the VeriSign Intermediate CA Certificate for your Web server, visit the following site:

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR212 
(goes to US site)

If your Web server is not listed, please contact your vendor for assistance.

NOTE: SSL Certificates with Extended Validation require the installation of two Intermediate CA certificates – the Primary Extended Validation Intermediate CA and the Secondary Extended Validation Intermediate CA.