Problem
When attempting to connect to a secure site using Firefox, the browser may display the following error(s):
"The security certificate was issued by a company you have not chosen to trust"
"Unable to verify the identity of your domain.com as trusted site"
"Website Certified by an Unknown Authority"
"The security certificate presented by this website is not issued by a trusted certificate authority"
Cause
The Primary and/or Secondary Intermediate CA certificates are not installed on the server. When both Intermediate CA certificates are installed properly on the server, the server presents them to the connecting client and they are used during the secure session, so no action is required on the client side.
Resolution
Make sure both Intermediate CA certificates are installed on the server.
Step 1: Download the Intermediate CA certificate
Download the Primary Intermediate CA and Secondary Intermediate CA certificates (Apache/OpenSSL CA bundles are also available).
Step 2: Import the intermediate certificates using Microsoft Management Console (MMC)
Import the Intermediate CA Certificates (Primary and Secondary) using the Microsoft Management Console (MMC)
1. Open the Microsoft Management Console (MMC): click Start, Run, then enter MMC and select OK
2. Choose File or Console, select Add/Remove Snap-In
3. From the Add/Remove Snap-In window select the Add button
4. From the list, select Certificates, then Add, Computer Account and Local Computer, click OK
5. From the left window, choose Intermediate Certification Authorities, then right-click Certificates, select All Tasks and Import. This will open the Certificate Import Wizard.
6. Click Next
7. Browse to the location of the intermediate certificate and click Next
8. Select Place the certificate in the following store: Intermediate Certification Authorities and click Finish
Step 3: Locate and disable the CA certificate (e.g. the VeriSign certificate)
1. Create a Certificate Snap-In in Microsoft Management Console (MMC).
2. With the MMC and the Certificates snap-in open, expand the Trusted Root Certification Authorities folder on the left and choose the Certificates sub-folder.
3. Locate the following certificate:
Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
Expiration Date: 7/16/2036
Serial Number: 18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a
4. If this certificate is present, disable it.
5. Right click the certificate
6. Choose Properties
7. In the Certificate purposes section, you must select Disable all purposes for this certificate and click OK
8. Close the MMC - there is no need to save console settings
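The import in Step 2 and the lookup in Step 3 can also be scripted from an elevated PowerShell session. This is an added example, not part of the original article; the two file paths are placeholders for the files downloaded in Step 1, and disabling the certificate purposes is still done in the MMC as described in Step 3.

```powershell
# Added example. Run in an elevated PowerShell session on the web server.
# ASSUMPTION: these paths are placeholders for the files downloaded in Step 1.
$intermediateFiles = @(
    'C:\certs\primary-intermediate.cer',
    'C:\certs\secondary-intermediate.cer'
)

# Step 2 equivalent: import each file into the Local Computer
# "Intermediate Certification Authorities" store (Cert:\LocalMachine\CA).
foreach ($file in $intermediateFiles) {
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "File not found, skipped: $file"
        continue
    }
    $cert = Import-Certificate -FilePath $file -CertStoreLocation 'Cert:\LocalMachine\CA'
    # Show what was imported so it can be compared with the CA's published details.
    [pscustomobject]@{
        File       = $file
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    }
}

# Step 3 equivalent (locate only): look for the root certificate listed in the
# article by its serial number in the Trusted Root Certification Authorities store.
$serial = ('18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a' -replace ' ', '').ToUpper()
$root = Get-ChildItem -Path 'Cert:\LocalMachine\Root' |
    Where-Object { $_.SerialNumber -eq $serial }

if ($root) {
    # Present: continue with Step 3, items 4 to 8, in the MMC.
    $root | Format-List Subject, Issuer, NotAfter, SerialNumber, Thumbprint
} else {
    Write-Output "No certificate with serial $serial in Cert:\LocalMachine\Root."
}
```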
Step 4: Check the certificate installation
1. Stop and start your Web server prior to any testing. (Sometimes you must restart IIS services and reboot for the changes to take effect.)
2. Use the Installation Health Checker to verify the SSL certificate installation.