It is possible to successfully install an InCommon SSL certificate on a host, but still have client browsers report SSL errors when connecting to the site. This is usually caused by a certificate either being installed partially or incorrectly. To validate that an InCommon SSL certificate has been installed successfully, and will not report errors for users with Internet Explorer, follow the steps outlined below.
Remove existing Intermediate InCommon certificate from browser
An important part of the InCommon SSL certificate foundation to understand is that the InCommon intermediate certificate is what provides trust of a server's host certificate. This InCommon Intermediate certificate, in turn, is trusted by the AddTrust External Root Certificate Authority (CA). While the AddTrust External Root CA is installed by default with most browsers, the InCommon Intermediate certificate often is not. Because of this, it is important that a server using an InCommon SSL certificate must include at least the client and intermediate certificates, which will be exchanged with a requesting client's browser upon connection; in can include the root certificate as well.
To ensure that the intermediate certificate is properly installed, we must ensure it is not already installed in Internet Explorer on the client from which we are going to test an SSL connection.