When using IIS 7.5, the following error message appears after clicking Complete Certificate Request:
A certificate chain could not be built to a trusted root authority.
This happens because of the following:
- The Apple Push Notification service (APNs) certificate is signed by the Apple Root Certificate Authority (CA) instead of a public CA.
- Microsoft has enhanced the security settings in IIS when checking the trusted root CA.
To resolve the issue, you need to configure IIS 7.5 for APNs certificate installation:
- Download the Apple Root certificate and Application Integration certificate from here.
Click image to enlarge.
- Double-click the downloaded Apple Root certificate file and click Install Certificateon the Certificate window.
Click image to enlarge.
- Click Nexton the Certificate Import Wizard welcome screen.
Click image to enlarge.
- Select Place all certificates in the following store, and then click Browse.
Click image to enlarge.
- On the Select Certificate Store window, tick Show physical stores.
- Select Trusted Root Certification Authorities > Local Computer, and then click OK.
- On the Certificate Import Wizard screen, click Next and then click Finish.
Click image to enlarge.
- Repeat Steps 2 to 7 (except Step 4) for the Application Integration certificate.
For Step 4, select Intermediate Certification Authorities > Local Computer instead.