If visitors see an "untrusted certificate" or "untrusted connection" warning on your site even though an SSL certificate is installed, the most common cause is a missing intermediate CA certificate. This article explains what the CA bundle is, where to get it, and how to install it so browsers trust your certificate.
What an intermediate certificate and CA bundle are
Browsers trust your SSL certificate only when they can follow an unbroken chain from your certificate up to a root certificate they already trust. The links in that chain between your certificate and the root are intermediate CA certificates. A CA bundle is the file (or set of files) containing those intermediates. If they are missing from your server, browsers cannot complete the chain and display an untrusted warning, even though the certificate itself is valid.
Before you begin
- Identify which certificate authority issued your certificate (DigiCert, Sectigo, GeoTrust, or RapidSSL). The CA bundle is specific to the issuing CA.
- Check the original fulfillment email you received when the certificate was issued — most SSL purchases already include the intermediate files in that email.
Step 1: Download the CA bundle
You can obtain the intermediate certificates two ways:
- From your fulfillment email. Most SSL certificate purchases include the intermediate CA files in the email you received when the certificate was issued. Use those files if you still have the email.
- From the certificate authority. If you no longer have the fulfillment email, download the CA bundle directly from the CA that issued your certificate — GeoTrust, Sectigo, DigiCert, or RapidSSL.
Step 2: Install the bundle on your web server
Installation steps differ by server software, but the general approach is the same:
- Place the CA bundle file on the server alongside your issued certificate and private key.
- In your server or hosting control panel's SSL settings, supply the intermediate / CA bundle file in the field provided (often labeled CA Bundle, Certificate Authority Bundle, or Intermediate Certificate).
- Save the configuration and restart or reload the web server so the new chain takes effect.
- Reload your site in a browser and confirm the untrusted warning is gone. You can also use an online SSL checker to verify the full chain is presented.
If your hosting is managed by a third-party provider, the certificate, key, and CA bundle must be installed on that provider's server. Send them the bundle and ask them to complete the installation.
Next steps
- For detailed installation help and other certificate errors, see Advanced SSL Setup and Troubleshooting.
- If the warning persists after installing the bundle, contact Enom Support with your certificate Order ID.
Questions? Contact Enom Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.