To ensure normal HTTPS communication between clients and your web server, you must install the root certificate and intermediate certificates when you install an SSL certificate on your web server. This topic describes how to download root certificates and intermediate certificates.
If your web services are accessed by using browsers, you do not need to install root certificates because the root certificates are built into the browsers. In this scenario, you need to install only the SSL certificates that are issued by the certificate authority (CA) on your web server. This way, your web server can communicate with the browsers over HTTPS. For more information about how to install SSL certificates, see Installation overview.
If your web services are accessed by using clients such as Java clients, you must install root certificates on the clients because no root certificates are built into the clients. If you do not install the root certificates, the clients cannot verify the information encrypted by your web server. For example, if a DigiCert organization validated (OV) SSL certificate is installed on your web server, the clients must be installed with built-in DigiCert OV root certificates before they can communicate with your web server over HTTPS.
We recommend that you implement client verification by using the default Truststore of the clients and enable strong domain name verification to enhance the security of the apps. If you want to learn more, submit a ticket or contact after-sales technical support. To contact after-sales technical support, log on to the SSL Certificates Service console, move the pointer over Technical Support in the left-side navigation pane, and then scan the QR code that appears to apply to join the DingTalk service group.
Download links for root certificates
You can download only the following root certificates:
To ensure normal HTTPS communication between clients and your web server, you must install the root certificate and intermediate certificates when you install an SSL certificate on your web server. In most cases, the SSL certificates that you download contain intermediate certificates. For example, if you download a certificate package for Apache servers, the domain name_chain.crt file extracted from the package contains intermediate certificates.