N-central Help

Create a chained certificate

When applying a domain certificate, you need to chain the certificate with the root and intermediate certificates in the order determined by your signing authority. If there are two or more intermediate certificates included, you need to include both certificates during chain process.

To create a chained certificate, contact your CA and request a bundle that can be imported into a Java web server using chained certificates. If there is no generic Java-based web server option available, SolarWinds MSP recommends using Jetty or Tomcat. If no bundle is available, some vendors provide the necessary CA root and intermediate certificate files for download, which will require you to download them individually.

Once you have all of the CA certificates, you must then create the chained certificate. Copy all of the certificates into a single text file in hierarchical order.

For pre-chain signing authorities, the order of the chain is:

  • Your Certificate
  • Intermediate Certificate
  • Root Certificate

For post-chain signing authorities, the order of the chain is:

  • Root Certificate
  • Intermediate Certificate
  • Your Certificate

Once you have the chained certificate prepared, upload the certificate in the NAC. When uploading the certificate, you can either paste the chained certificate into the text box or use the file upload facility. As a general rule, it is better to rely on the file upload as the text box has a finite character limit of approximately 1300 characters. Certificate chains can easily exceed that limit.