SSL Tools
SSL Chain Fixer
Build and verify SSL certificate chain bundles — 100% client-side
What is an SSL Certificate Chain?
An SSL certificate chain (also called a chain of trust) is the sequence of certificates from your server's leaf certificate up through intermediate Certificate Authority (CA) certificates to the root CA. Web browsers need the complete chain to verify that your SSL certificate was issued by a trusted authority. When intermediate certificates are missing, browsers display security warnings like "NET::ERR_CERT_AUTHORITY_INVALID" even though your certificate itself is valid. This tool helps you build a correct chain bundle by analyzing issuer relationships between certificates, identifying missing intermediates, and assembling all certificates in the correct order. The resulting PEM bundle file can be used directly with web servers like Apache, Nginx, and HAProxy to eliminate chain-related SSL errors.
Why does my browser show a certificate error even though my SSL cert is valid?
The most common cause is an incomplete certificate chain. Your server must send not just the leaf certificate but also all intermediate CA certificates. Without them, the browser cannot trace the chain of trust back to a root CA it recognizes.
What order should certificates be in a chain bundle?
The leaf (server) certificate goes first, followed by intermediate certificates in order, with the root CA certificate last. Some servers do not require the root certificate since browsers already have it in their trust store.
Is it safe to analyze certificates in the browser?
Yes. This tool uses the node-forge library to perform all parsing entirely in your browser. No certificate data is transmitted to any server.
How do I get the intermediate certificates I need?
Your Certificate Authority usually provides the intermediate certificates along with your server certificate. You can also find them by checking the "Authority Information Access" extension in your certificate, which contains a URL to download the issuer certificate.