Verify that the intermediate and root chain is complete and trusted. Free SSL chain validator.
The Certificate Chain Validator checks that your server's certificate chain is complete and leads to a trusted root. A valid chain typically includes the server certificate, one or more intermediate CA certificates, and ends at a root CA that is in the client's trust store. If an intermediate is missing or the order is wrong, browsers may show security errors. This tool connects to your domain (or accepts a pasted chain), verifies each link in the chain, checks signatures and validity dates, and confirms the root is trusted by major operating systems and browsers. Use it after installing a new certificate to ensure the chain is correct, to fix errors such as ERR_CERT_AUTHORITY_INVALID, and to meet compliance requirements that depend on a properly configured chain.
The server did not send the intermediate CA certificate(s). Browsers need the full chain to validate. Include intermediates in your server config.
Server certificate first, then the intermediates (often in a single file). The root is usually not sent because it is already in the client's trust store.
Different trust stores and policies. Validating against a standard set ensures broad compatibility.
Yes, if you can paste the chain or the tool can connect to the test server. Self-signed roots are only trusted if explicitly added.
Some roots are signed by another CA for backward compatibility. The validator should follow the chain to a trusted root.
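
The missing-intermediate and chain-order cases described above can be reproduced offline with the OpenSSL command line. This is an added example, not part of the original page or the validator's own code; the certificates, subject names, file names and shell functions are all constructed for illustration.

```bash
# Added example. Every subject, file name and function name here is constructed.
mk_csr() {  # $1 = path prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_chain() {  # $1 = directory that receives root.pem, inter.pem and leaf.pem
  local d=$1 sign="openssl x509 -req -days 30"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:example.test\n' > "$d/leaf.ext"
  mk_csr "$d/root" "Constructed Root CA" &&
  mk_csr "$d/inter" "Constructed Intermediate CA" &&
  mk_csr "$d/leaf" "example.test" &&
  $sign -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  $sign -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null &&
  $sign -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" -CAcreateserial \
    -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}

# Path validation: signatures, validity dates and CA flags up to the trusted root.
verify_leaf() {  # $1 = trusted root, $2 = leaf, $3 = intermediates the server sent (optional)
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# Order check on a served bundle: each certificate's issuer must be the next one's subject.
chain_in_order() {  # $1 = PEM bundle in the order the server sends it
  openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
    openssl pkcs7 -print_certs -noout 2>/dev/null |
    awk '/^subject=/ { s = substr($0, 9); if (n++ && s != prev) bad = 1 }
         /^issuer=/  { prev = substr($0, 8) }
         END { exit (bad || n < 1) }'
}

WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
build_chain "$WORK" || { echo "could not build the constructed chain" >&2; exit 1; }
cat "$WORK/leaf.pem" "$WORK/inter.pem" > "$WORK/good.pem"     # leaf first, then intermediate
cat "$WORK/inter.pem" "$WORK/leaf.pem" > "$WORK/swapped.pem"  # wrong order
report() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fi; }
report verify_leaf "$WORK/root.pem" "$WORK/leaf.pem" "$WORK/inter.pem"  # complete chain
report verify_leaf "$WORK/root.pem" "$WORK/leaf.pem"                    # intermediate missing
report chain_in_order "$WORK/good.pem"
report chain_in_order "$WORK/swapped.pem"
```

The second and fourth checks are expected to fail: they model a server that omits the intermediate and a bundle served in the wrong order.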