(DC) Certificate Chain (Root and Intermediate)
Description
The following article describes what a certificate chain is, and provides the Root and Intermediate certificates for use with SSL certificates generated by the University of Texas at Austin certificate provider (InCommon).
For existing or established services, please read the “Certificates issued before November 1, 2023” section.
Table of Contents
Certificate Chain
A certificate chain is an ordered list of certificates, containing an SSL Certificate and Certificate Authority (CA) Certificates, that enable the receiver to verify that the sender and all CA's are trustworthy. The chain or path begins with the SSL certificate, and each certificate in the chain is signed by the entity identified by the next certificate in the chain.
Any certificate that sits between the SSL Certificate and the Root Certificate is called a chain or Intermediate Certificate. The Intermediate Certificate is the signer/issuer of the SSL Certificate. The Root CA Certificate is the signer/issuer of the Intermediate Certificate. If the Intermediate Certificate is not installed on the server (where the SSL certificate is installed) it may prevent some browsers, mobile devices, applications, etc. from trusting the SSL certificate. In order to make the SSL certificate compatible with all clients, it is necessary that the Intermediate Certificate be installed.
The chain terminates with a Root CA Certificate. The Root CA Certificate is always signed by the CA itself. The signatures of all certificates in the chain must be verified up to the Root CA Certificate.
For most servers, the root and intermediate certificates that make up the certificate chain are usually found (appeneded) together in a single file. The root certificate is found on top and the intermediate certificate is second or after the root certificate.
Please reference your application or service specific documentation to know exactly how to configure the cryptographic/encryption setup.
Root Certificate
The "USERTrust RSA Certification Authority" Certificate is the current root certificate for ALL SSL certificates issued by the Digital Certificates service.
Intermediate Certificate
The "InCommon RSA Server CA 2" Certificate is the current intermediate certificate for all SSL certificates issued by the Digital Certificates service.
Certificates issued before November 1, 2023 require the older "InCommon RSA Server CA" intermediate certificate (see below).
Certificates issued before November 1, 2023
If you have a certificate that was issued before November 1, 2023
It is advisable that you renew your certificate as soon as you can to avoid having to install a work-around to keep the current certificate alive until it expires shortly and having to go through the renewal process again. However, if you have an older certificate (that was issued before November 1, 2023) that you can not renew easily, please ensure that you are using the following InCommon Intermediate certificate in your chain. You can use the UserTrust Root Certificate from above.