w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Why is my certificate not valid unless I put the Sub CA certificate in the trusted root certificate authorities?

To elaborate on Erik's comment, trusting the Root CA certificate means that you will trust what the Root CA directly signs.

If you have an intermediate Sub CA in the middle, its certificate is signed by the Root CA, and the Sub CA signs your certificate directly.

Root CA ---signs/verifies---> Sub CA ---signs/verifies---> End user certificate

As Erik said, if you do not have the Sub CA certificate present, then there is no way to link the Root CA to the End user certificate. The Root can verify the Sub CA certificate, and the Sub CA can verify the End user certificate, but there is no way for the Root to skip over the Sub CA and verify the End user certificate because the root did not sign the End user certificate.

2 ways to resolve this are:

  • include the Sub CA cert in your trusted certificates OR
  • make sure the Sub CA cert is included with the end user certificate so a chain can be established.

© Copyright 2018 w3hello.com Publishing Limited. All rights reserved.