+ Start a Discussion
Shawn FarmerShawn Farmer 

How do you install an Intermediate CA (SSL) for a force.com page?

We recently went live with our Community Portal that is hosted at ourcompany.force.com. With that, we installed an SSL certificate for this portal through salesforce.com > setup > security controls > Certificate and Key Management. The only problem is that the salesforce.com portal does not have a way to install the Intermediate (Leaf) CA which is associated with our SSL cert. If we connect to our portal with Firefox or if we run a Qualys/Symantec SSL check, the browser/SSL Check throw an error about chain validation. The reason why IE doesn't show an error is that IE ships with many Intermediate CAs already embedded which is a security no-no. I've opened up many support tickets with salesforce.com but they keep on telling me this is a dev issue which I disagree. Has anyone else come across this issue since 99% of the SSL market now have Intermeidate CAs associated with their SSL certs?
 

Thanks!

Shawn FarmerShawn Farmer
FINALLY!!! I got an update back from Salesforce.

Apparently you need to upload a single file (PEM encoded) that contains the SSL cert, Intermediate CA and then the Root CA in that order.
narsavagepnarsavagep

Thank you!  It's 2021 and I needed this information - so glad I found it. 

Our SSL provided originally sent three .crt files and I didn't realize that I needed .pem (I don't see that in any Salesforce documentation or help) - it was an easy fix for them to send me the .pem.  (Which, BTW, is just the three .crt files appended together!)