Download the Thawte Intermediate CA bundle for SSL Web Server and Thawte Wildcard certificates

General Information ID:    INFO1374
Version:    17.0
Published:    05/07/2011
Updated:    12/05/2014


IMPORTANT: The Intermediate CA's in this article is not compatible with SHA-2 certificates. Please see the following solution if you need SHA-2 Intermediate CAs: AR1384


The SHA-1 Intermediate CA's in this article apply to the following Thawte SSL certificates:

  • SSL Web Server
  • Thawte Wildcard

Please Note:  On June 27th, 2010 Thawte upgraded its root hierachy to 2048bit RSA Keys to enhance the security of all SSL products. As a part of this upgrade, all newly issued certificates now require the installation of the new Primary and Secondary Intermediate CA's along with your SSL certificate. These new Intermediate CA's MUST be installed in order for your SSL certificate to be fully trusted in all browsers.

You MUST install the below Intermediate CA file on your server for your SSL certificate to be fully supported in all web browsers.

For your convenience we have pre-packaged the two Intermediate CA's in a single file for a quick and easy install on to your web server. Please download the CA file version for your web server type.

Complete The Two Steps On Your Web Server:

Microsoft IIS & Tomcat

  1. Download the PKCS#7 CA version (Right-Click link & Save)

  2. Install the CA file using the below instructions:

    1. For IIS
    2. For Tomcat


Apache, Plesk & CPanel

  1. Download the Bundled CA version (Right-Click link & Save)

  2. Install the CA file using the below Instructions:

    1. For Apache
    2. For Plesk
    3. For Cpanel


All Other Web Server's

  1. Download the two CA files below:

    1. Primary Intermediate CA (Right-Click link & Save)
    2. Secondary Intermediate CA (Right-Click link & Save)

  2. Install the CA file's:

    1. Find your server type here


Did You Know?

The image on the left represents where the Primary and Secondary CA's fit in the certificate chain.

Note: The chain may display differently depending on the type of web browser used to view a secure web page. As per the left image, older web browsers will show all the CA's in the chain, newer web browsers will display a shorter chain. The Thawte Root CA sitting at the top of the chain by default is widely distributed into all common web browsers and therefore will not require installation.

Thawte SSL Checker
Have you installed your SSL certificate & the Thawte Intermediate CA's correctly? test your website using our SSL Checker


Knowledge Center

Search Tips