SSL/TLS Certificates - How to verify that your intermediate certificates are installed correctly
This article details different methods available to verify your SSL certificate is installed correctly.
Checking via Browser
After installing a certificate on a server we test the installation using various browsers. This works okay as long as you delete the intermediate certificate (not the root certificate) from your browser.
During SSL negotiation the server should send the end entity SSL certificate and the intermediate certificate to the client (browser), if the intermediate certificate is properly installed on the server; In our case, the InCommon intermediate certificate should be downloaded to the client.
Checking via OpenSSL
Alternatively if you have openssl available, you can test whether or not the intermediate certificate is installed correctly by executing this command:
openssl s_client -showcerts -connect [webservertotest.wisc.edu]
openssl s_client -connect [webservertotest.wisc.edu]:443 -CAfile AddTrustRoot.cer
The command should return status code of 0 if everything is in order.
Use the appropriate substitution for your particular situation. For example, replace "webservertotest.wisc.edu" with the CN of the webserver you are configuring, modify the port number if needed, and make sure you have a copy of the root certificate which I named "AddTrustRoot.cer".
Checking via Online Tool
Alternatively, you can use the following on-line tool to test your web site.