
How to complete the SSL certificate chain?

To complete the SSL certificate chain, you need to ensure that all intermediate certificates are properly installed and linked to your server along with the root certificate. Here’s how you can do it:

  1. Obtain the Certificate Chain: When you purchase an SSL certificate, the Certificate Authority (CA) typically provides you with a certificate chain file that includes your domain certificate and any necessary intermediate certificates.

  2. Install the Certificate Chain: You need to install this certificate chain on your web server. The process varies depending on the server software you are using (e.g., Apache, Nginx, IIS).

    • For Apache: You would typically concatenate the domain certificate and the intermediate certificates into a single file and then reference this file in your Apache configuration.
    • For Nginx: Similar to Apache, you concatenate the certificates and reference the combined file in your Nginx configuration.

  3. Verify the Installation: Use tools like openssl or online SSL checkers to verify that your certificate chain is correctly installed and that there are no missing intermediate certificates.

Example:
If you have a domain certificate yourdomain.crt and two intermediate certificates intermediate1.crt and intermediate2.crt, you would create a combined file like this:

cat yourdomain.crt intermediate1.crt intermediate2.crt > yourdomain_chain.crt

Then, you would configure your web server to use yourdomain_chain.crt.
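
Before pointing the server at the combined file, it is worth confirming that the certificates sit in issuing order: domain certificate first, each one followed by the certificate that issued it. The script below is an added example, not part of the original page; the function name check_chain_order is hypothetical and it assumes the openssl command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: confirm a concatenated chain file is in issuing order.
# Usage: check_chain_order yourdomain_chain.crt
# Returns 0 if every certificate is followed by its issuer, 1 if the order is
# broken or an intermediate is missing between two certificates, 2 if the file
# holds no certificates.
# It compares issuer/subject name hashes only; signatures are not verified.
check_chain_order() {
    local bundle=$1 dir n i=1 rc=0 issuer next_subject
    dir=$(mktemp -d) || return 2

    # Split the bundle into cert1.pem, cert2.pem, ... in file order.
    awk -v d="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = d "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    n=$(ls "$dir" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$dir"
        return 2
    fi

    echo "certificate 1: $(openssl x509 -in "$dir/cert1.pem" -noout -subject)"
    while [ "$i" -lt "$n" ]; do
        # The issuer name of certificate i must equal the subject name of i+1.
        issuer=$(openssl x509 -in "$dir/cert$i.pem" -noout -issuer_hash)
        next_subject=$(openssl x509 -in "$dir/cert$((i + 1)).pem" -noout -subject_hash)
        if [ "$issuer" = "$next_subject" ]; then
            echo "OK: certificate $((i + 1)) is named as issuer of certificate $i"
        else
            echo "BROKEN: certificate $((i + 1)) is not the issuer of certificate $i"
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}
```

A file that contains only the domain certificate passes this order check, so it does not replace step 3: an intermediate missing from the end of the file is only caught by validating against a trust store.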

Recommendation for Cloud Services:
If you are using a cloud service provider, they often offer managed SSL services that simplify this process. For example, Tencent Cloud provides a managed SSL service through its Cloud Load Balancer (CLB) product, which can automatically handle the SSL certificate chain, including the installation and renewal of certificates. This can save you time and reduce the risk of configuration errors.