How to Fix the Expired Intermediate SSL Certificate Error in Windows, MAC, Nginx, and Apache?

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Loading...
Fix Expired Intermediate Certificate Error

Have you been greeted by an “Incomplete SSL Certificate Chain” or “Broken SSL Chain” warning on your browser? This could signal an expired intermediate SSL certificate. It’s a specific error that disrupts website access and raises security concerns.

If you are searching for answers on fixing this error, you are not – alone! Understanding and resolving this issue is paramount for a secure web presence. So, before exploring how to identify and rectify this SSL error, it would be better to comprehend – “What exactly is this error?” & “Why does it occur?”

What is an Expired Intermediate SSL Certificate Error?

An Expired Intermediate SSL Certificate Error signifies a disruption in the SSL chain of trust. This chain, essential for validating a website’s security credentials, hinges on the reliability of – Intermediate Certificates. When one expires, it fails to connect the user’s SSL to a trusted root certificate.

In lay terms, it’s akin to a broken link within a chain of authentication. The result? Browsers cannot verify the site’s security, leading to access errors.

Cheap SSL Certificates

Why Does the Expired Intermediate SSL Certificate Error Occur?

The Expired Intermediate SSL Certificate Error often arises when the intermediate certificate is missing or incorrect. If you install an SSL certificate without its intermediate, browsers can’t chain it to a trusted authority. They’ll flag this as a broken chain.

Also, if an intermediate certificate is revoked or expires, it invalidates the chain. Browsers will then warn of the security risk and display an expired Intermediate SSL Certificate error or warning.

How to Fix the Expired Intermediate SSL Certificate Issue?

We will discuss how to fix the issue on various platforms – Windows, Mac, Apache, and Nginx. So, you can get the Expired Intermediate SSL Certificate error resolved on whatever platform you are using.

Steps to Fix the Expired Intermediate SSL Certificate Error on Windows

Note: To address issues with expired legacy intermediates, delete them. But before doing that, first back up your current configuration to prevent any mishaps before starting with the steps mentioned below.

Here are the steps:

  1. Click Search, placed on the taskbar.
  2. Type Microsoft Management Console, and press Enter.
  3. The Console window will appear.
  4. From the File list, select the Add/Remove Snap-in option.
  5. The Add or Remove Snap-in window will appear.
  6. In the left pane, under the Available Snap-in section, click Certificates.
  7. Click Add and then click OK.
  8. In the Certificates snap-in window, select Computer account.
  9. The Select Computer window will appear.
  10. Select Local Computer: (the computer this console is running on).
  11. Click Finish and then click OK.
  12. In the console window, in the left pane, all the certificates on your local computer will be listed.
  13. Click the right arrowhead (>) to expand the Third-Party Root Certification Authority option.
  14. Find the Certificate name you want to disable (e.g., DigiCert High Assurance EV Root CA) and right-click on it.
  15. From the list, select Properties.
  16. A new window will appear.
  17. In the General tab, under the Certificate purposes section, select Disable all purposes for this certificate.
  18. Click Apply.
  19. Restart your system.

Steps to Fix the Expired Intermediate SSL Certificate Error on Mac

Here are the steps:

  1. Log into your Mac with an administrative account.
  2. Navigate to Applications > Utilities.
  3. Double-click on the Keychain Access application to launch it.
  4. The Keychain Access will appear.
  5. In Keychain Access, from the View list, select Show Expired Certificates.
  6. Search for the Expired Intermediate Certificate in the list.
  7. Once you locate the expired certificate, select it.
  8. Right-click on the expired certificate.
  9. From the list, select Delete.
  10. Close the Keychain Access application.
  11. Restart your Mac to ensure the changes take effect.

Steps to Fix the Expired Intermediate SSL Certificate Error on Apache

Here are the steps:

  1. Locate your Apache configuration file.
  2. Find the SSLCertificateChainFile directive.
  3. Use Notepad to edit the path in the directive to point to the correct intermediate certificate file. This file should contain only one certificate.
  4. Save the changes and exit the editor.
  5. Restart Apache to apply the changes.

Steps to Fix the Expired Intermediate SSL Certificate Error on Nginx

Here are the steps:

  1. Open your Nginx configuration file.
  2. Find the ssl_certificate /etc/ssl/your_domain_name.pem directive.
  3. Use Notepad to open ssl_certificate /etc/ssl/your_domain_name.pem.
  4. Edit the ssl_certificate /etc/ssl/your_domain_name.pem to include only the domain’s (server) certificate & it’s issuing intermediate cert.
  5. Save the changes.
  6. Exit the editor.
  7. Reload Nginx to apply the new configuration.

Conclusion

The intermediate certificate links your SSL certificate to the trusted root certificate. Without it, browsers and clients cannot verify the trust chain. Hence, always ensure the intermediate certificate is updated and installed in your server configuration.