Testing Internal SSL Certificate Installations with the DigiCert Certificate Utility
The Query Server feature can be very helpful for testing your SSL Certificate installation for a certificate that's installed in your Local Area Network but that's not available externally.
How to Display an SSL Certificate Chain Using the DigiCert Utility
-
On your Windows Server, download and save the DigiCert® Certificate Utility for Windows executable (DigiCertUtil.exe).
-
Run the DigiCert® Certificate Utility for Windows.
Double-click DigiCertUtil.
-
In the DigiCert Certificate Utility for Windows©, click Tools (wrench and screw driver).
-
On the Tools page, click Check Install.
-
This opens the Certificate Installation Checker page. This page lets you make a connection to the DNS name/IP address/localhost that you enter.
-
On the Certificate Installation Check page, enter the following information:
Server Address:
Enter your server's DNS name, IP address, or localhost of the certificate you are securing.
Port Number:
Enter the port number.
If you are using a nonstandard port number for the SSL traffic/service, you can enter that into the page as well. SSL/TLS Mode:
In the drop-down list, do one of the following:
• Select Auto determine by port number. This option lets our tool auto-select the default port for any of the following services: HTTPS, SMTP, IMAP, or POP3. • Select the service that you are trying to secure. (Direct (such as in HTTPS), SMTP STARTLS command, IMAP STARTTLS command, or POP 3 STLS command) -
When you are finished, click Query Server.
This makes an HTTPS connection between the DigiCert Certificate Utility and the specified server. Our tool then displays the Certificate Chain that the server sends back with some details about each certificate in the chain.
Troubleshooting Tips
DigiCert uses a few different chain paths for client computers to trace the certificate issued to 'your.domain.com' up to a trusted root certificate. So if you run into any certificate errors with your clients, first try following the instructions on the DigiCert Certificate Utility: Repair Intermediate SSL Certificate Errors page. If those instructions don't solve the problem for you, please contact DigiCert Support for help. Let them know which certificates the Query Server feature lists, so they'll be able to help you get the problem fixed as quickly as possible.