I recently had need to renew a client’s IIS SSL certificate on their behalf as it had expired.
Generating the renewal request was easy in IIS using IIS Manager. It was sent off to the issuer and a new certificate quickly received.
Importing the new certificate into IIS was also easy using IIS Manager, however, once imported IIS reported the certificate issuer could not be verified and digging further “The issuer of this certificate could not be found”. WTF? It was working from the same provider previously and Thawte are a well known authority.
A bit of a google, came up with Thawte changing their security in June 2010 to require an intermediate certificate. This link provides the intermediate certificate and how to install on IIS – all worked exactly as detailed.
Hopefully, this will help someone else to get over this hurdle quickly.