Overview
For your website to work reliably over HTTPS across all browsers, devices, and operating systems, it's not enough to install only your primary SSL certificate. You must install the full trust chain, which includes your certificate, the intermediate certificate, and the root certificate.
Without a proper trust chain, some browsers may show:
- “Certificate not trusted” errors
- Insecure connection warnings
- Failed HTTPS connections on older devices
The trust chain ensures the browser can verify:
Your certificate → Intermediate CA → Root CA
What You Need
To build a complete trust chain, you must have:
- Your SSL Certificate (yourwebsite.crt)
- Intermediate Certificate(s) (provided by your SSL/TLS authority)
- Root Certificate (downloadable from your certificate provider’s website)
Note: Some CAs provide multiple intermediate certificates—include all of them in the correct order.
How to Combine Certificates (Certificate Chain File)
Create a combined certificate file by merging the certificates in the exact order below:
- Your SSL Certificate
- Intermediate Certificate(s)
- Root Certificate
-----BEGIN CERTIFICATE-----
(Your SSL Certificate: yourwebsite.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate Certificate: INTERMEDIATE.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root Certificate: Root.crt)
-----END CERTIFICATE-----
Save this merged file as something like: fullchain.crt
Integrating Into Your Server
Update your web server configuration to use the combined chain file.
For example, in NGINX:
ssl_certificate /etc/ssl/fullchain.crt;
ssl_certificate_key /etc/ssl/private.key;
Tip: Always restart or reload your server after updating certificate files.
Why This Step Is Critical
- Ensures uninterrupted HTTPS on all browsers
- Prevents trust errors and mixed-content warnings
- Improves compatibility with mobile apps, smart TVs, and older devices
- Builds a verifiable chain from your certificate to a trusted Certificate Authority
Related Articles
Custom SSL Certificate
Overview Custom SSL certificates play a crucial role in securing modern applications, ensuring encrypted communication between clients and servers. VergeCloud provides a robust and user-friendly interface that allows users to upload, manage, and ...
Activate Free SSL Certificate
Overview Securing your website with HTTPS is one of the most important steps you can take to protect your users and build trust. VergeCloud makes this extremely simple by offering a free SSL certificate that is automatically issued and renewed. The ...
SSL Certificate
Overview This section explains how to manage the connection protocol between your users and your website through VergeCloud’s CDN edge servers. It covers HTTPS configuration, SSL and TLS certificate options, HSTS behavior, protocol versions, and the ...
Steps to Activate Cloud Icon for VergeCloud
Overview Before you activate the Cloud icon for your domain in VergeCloud, it’s important to make sure your server and DNS setup are fully prepared to work with the platform. Turning on the Cloud icon changes the way traffic reaches your website, ...
Origin SSL Certificate
Origin Server Certificate VergeCloud allows you to generate free SSL certificates for your origin servers, helping secure connections between VergeCloud’s edge and your web infrastructure. These certificates are ideal for HTTPS communication from ...