A certificate chain consists of a root certificate, intermediate certificates, and a server certificate. If a website uses a certificate chain that lacks intermediate certificates or the root certificate, your browser may report a connection failure or other errors when you access the website. This topic describes how to check whether a certificate chain is complete and handle an incomplete certificate chain.
Step 1: Check whether a certificate chain is complete
You can run the following command on your server to check whether the certificate chain of the server is complete. You can run the command on your server regardless of whether your website is deployed.
<Server_IP>: Specify the IP address of your server.
<Domain_Name>: Specify the domain name of your website.
openssl s_client -connect <Server_IP>:443 -servername <Domain_Name>The following figure shows the content format of a certificate file. Section 1 shows a domain name certificate, and Section 2 shows an intermediate certificate. If the command output shows only the domain name certificate, the certificate chain is incomplete.
If the domain name certificate and the intermediate certificate are in the same file, make sure that no spaces or carriage returns exist between the domain name certificate (Section 1) and the intermediate certificate (Section 2).
Step 2: Download the required certificate again and configure the certificate
If your certificate chain is incomplete, you can perform the following steps to download and deploy the required certificate:
Log on to the Certificate Management Service console and download a certificate based on your server type. For more information, see Installation overview.
Deploy the certificate based on your business requirements.
Deploy the certificate to a web server. For more information, see Installation overview.
Deploy the certificate to an Alibaba Cloud service. You can deploy an issued certificate to a specified Alibaba Cloud service in the Certificate Management Service console. For more information, see Deploy certificates to Alibaba Cloud services.