When using a custom SSL certificate, we recommend verifying the SSL certificate to check if the domain certificate and all intermediate certificates in the certificate chain are installed correctly. You can remove an incomplete certificate, and add a new custom SSL certificate in your website’s Hosting Services in Tools.
What is SSL?
Secure Socket Layer (SSL) is a security protocol that provides an encrypted connection between a remote web server and a web browser. Encrypted connections protect sensitive information such as payment details or other private data from unauthorized access or malicious attacks.
Properly installing all SSL certificates
Properly installing a complete SSL certificate requires the
- Server/domain certificate,
- Root certificate,
- and all intermediate certificates.
Installing all the certificates completes the SSL certificate chain of trust. This ensures that the certificate comes from a trusted source and helps improve its compatibility across many different web browsers and devices. Typically, a certificate consists of files such as:
- .key (the private key)
- .cert or .crt (the server or domain certificate)
- .ca or .ca_bundle (the root and intermediate certificates.)
When you purchase a custom SSL certificate from a Certificate Authority, you’ll usually receive an email with the certificate files or instructions on how to access them.
Why verify an SSL certificate
If you installed a free SSL certificate through your 10Web dashboard, all certificates were installed automatically and no further action is required.
If you’re using a custom SSL certificate, you should verify the SSL certificate to check if all the intermediate certificates are installed correctly.
This will identify any missing certificates or issues that might cause visitors to see security warnings or SSL errors that could discourage them from visiting your site.
How to verify an SSL certificate
Even though everything looks okay in your browser, you may not be able to detect all possible security warnings that others may see. This is why it’s important to use a third-party tool to check the SSL certificate’s installation.
Qualys SSL Labs offers an SSL server test you can use to verify your website’s SSL certificate and confirm that it’s set up correctly.
- Go to the SSL verification tool.
- Enter your website’s domain name in the Hostname field.
- Click Submit.
It may take a couple of minutes for the tool to complete the test. Once the SSL report is ready, you will see a grade on a scale of A to F.
An A grade means that both the primary domain certificate and the intermediate certificates are properly installed and that the web server itself is properly configured. If the score is lower than an A, you’ll see one or more messages about issues causing the lower grade.
Scoring less than an A
Sites using a custom SSL certificate may receive a lower score due to an Incomplete Certificate Chain error. Installing a custom SSL certificate without the intermediate certificates from the .ca_bundle file triggers incomplete chain errors and warnings. In that case, removing your custom SSL certificate, and adding a new one with all required certificates resolves the error and improves the score.
Resolving incomplete certificate chain errors
If you see incomplete certificate chain warnings in a custom SSL installation, you’ll need to:
- Remove the incomplete SSL certificate.
- Add a new custom SSL certificate with all the required certificate files.
Removing an incomplete certificate
- Log in to your 10Web dashboard.
- Click Manage on the site you’d like to remove the incomplete SSL certificate from.
- Click Tools under Hosting Services.
- Select Remove SSL certificate from the drop down menu in the SSL Certificates section.
- Check the box to confirm the domain to remove the SSL certificate from, and click Yes, Remove.
Adding a complete custom SSL certificate
With the incomplete certificate removed, you can now add a new custom SSL certificate with all the required certificates.