This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 21%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDV%3C/text%3E%3C/svg%3E)
Team,
We are using Internal CA web server authentication certificate with IBCM Server....configured in IIS.
Clients are happily connecting to server.
But during a recent VAPT assessment , We get a RED MARK for IBCM public FQDN.
It says : Certificate is not Trusted.....Chain is In-Complete......Intermediate Certificate is missing.
Kindly suggest.
Suggest what exactly?
This isn't specific to ConfigMgr in any way and needs to be addressed with your PKI folks. Basically, it means that the certificate for your intermediate CA is not accessible. That's a PKI specific issue because the PKI isn't publishing the certificate to the Internet.
Thanks for your reply.
We only have Single Tier Internal Certificate Authority.
Since the Subordinate CA is not there.....we are missing the Intermediate Certificate.
And , this is the reason why we are getting Bad rating as the certificate chain is incomplete.
In order to overcome this, We can use the wildcard certificate available with us.
Thanks again for your reply.
Then you need to address this with whoever performed this test as this has nothing to do with ConfigMgr.
Here is the article about the details of deploying PKI Certificates for your reference:
https://www.prajwaldesai.com/deploy-pki-certificates-for-sccm-2012-r2/
Note: the above links are not from MS, and just for your reference.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.