One of the most oft-misunderstood parts of SSL/TLS certificates is the intermediate certificate. Many website owners receive a RapidSSL intermediate certificate bundled with their RapidSSL SSL/TLS certificate and have no idea what to do with it.
We get questions all the time about what they are, what they do and whether they need to be installed. On some rare occasions, the site owner accidentally installs the RapidSSL intermediate instead of the leaf SSL/TLS certificate and causes a massive nuclear reaction that blows apart the server the site is hosted on and craters several city blocks. You may have seen this in the news, the official story they give is it was a fireworks factory explosion. But trust us, they installed the RapidSSL intermediate instead of the leaf.
You’re supposed to install both certificates. That’s why we’ve written this article to explain what an intermediate is and why you should be installing both. Then we’ll give you a place to download the RapidSSL intermediate certificate.
What is a RapidSSL Intermediate Certificate?
The most straightforward answer is that a RapidSSL intermediate certificate is an intermediate certificate that’s bundled with RapidSSL SL/TLS certificates. However, to provide clarification, we first need to start a level above (or below? Roots are usually below) at the root certificate authority (CA) certificates. These are the certificates administered directly by the CA organizations that validate and issue digital certificates. The root CA certificate is a special kind of digital certificate with a longer lifespan and a private key that can make trusted signatures, or put another way, anything the root CA signs is trusted.
Obviously, this is quite a powerful certificate. So, to insulate themselves, the CAs typically spin up an intermediate root and use those to sign with in lieu of using the roots directly. Intermediate roots are similar to true roots in that they can sign certificates and those certificates become trusted.
The reason for this is the certificate chain. When a client is presented with a leaf SSL/TLS certificate, it checks who signed it. Then it goes up a level to that certificate, the one that signed it, and sees who signed that one. It will continue following signatures until it can follow the chain back to one of its trusted root certificates. If it can’t it issues an error.
Now, the root certificates are parts of a root or trust store. These are administered by:
The issue is that the intermediates don’t live on the client’s system. So, when a client is presented with a leaf certificate, if the intermediate that signed it isn’t available, it can’t complete the chain and issues an error. Some browsers cache intermediates, but you don’t want to count on this.
So, that’s why you need to install the intermediate certificate. The RapidSSL intermediate certificate is one such intermediate and it comes bundled with all RapidSSL certificates. Hence why some people call it a RapidSSL intermediate certificate.
But we get the sense you might have lost it, or maybe just misplaced it, so we’ve provided a way below for you to access the RapidSSL intermediate certificate so you can install it on your server. While installation processes vary from server to server, just follow the same steps you did while installing your leaf SSL certificate. Now, when the server presents the certificate to the client during the handshake, it will present both the leaf and the intermediate. The client will know how to make sense of them, you just need to make sure it sees them both.
Where to Get the RapidSSL Intermediate Certificate
Wondering where you can get or download RapidSSL intermediate certificates? Look no further. Because we like to be helpful — and because we think you’re such a swell person — we’ve decided to make this super easy for you. Simply copy and paste the following code to get your intermediate certificate:
Learn About the Different Types of SSL Certificates
There’s a lot to know about SSL certificates and their validation levels. We’ve got you covered.