Verification of Certificate chain failed

When trying to import the certificate response into the SSL server Standard PSE (or another PSE), an error might happen, informing that the “Verification of Certificate chain failed”.

It is possible that a wrong intermediate and/or root certificate is being used.

This post will show how to extract the intermediate and the root certificates using the Windows Crypto Shell Extension.

First step

Double click the certificate response file (<filename>.cer):

Go to “Certification Path” (third tab):

Double click in the intermediate certificate (a new popup will be displayed):

Click in “Details” (second tab):

Click in “Copy to File…” to start a wizard. Select “Base-64 encoded X.509 (.CER)” to export the file.

Next step

Repeat the first step for the root certificate

Now it is possible to combine:

certificate response +

intermediate certificate +

root certificate

and paste them into the dialog box:

displayed after clicking in the “Import Cert. Response” button (“Own Certificate” section of the PSE):