I have noted that recently (since the SHA1 cert was deprecated) I have to manually add the DigiCert SHA2 intermediate certificate on SOME, not all, ACC, SEG and MAG builds. When setting up, I test AWCM outbound at https://‘serverurl’:2001/awcm/statistics; on some builds I get a certificate error (untrusted certificate), and I can then click continue to see the AWCM stats. Looking at the certificate chain for https://‘serverurl’:443, the full chain is present; however, if you look at the certificate chain for 2001, it is broken. To remedy this, all I do is go to https://‘serverurl’, inspect the certificate chain, export the intermediate certificate and then import it onto the relevant ACC/SEG/MAG using the defaults given in the certificate export/import wizard. I have no other issues from then on. This does not happen on all server builds, about 50%.
If you look at https://www.sslshopper.com/ssl-checker.html and enter your server URL, it will come back good for 443, but for 2001 I get:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. You can fix this by following DigiCert’s Certificate Installation Instructions for your server platform. Pay attention to the parts about Intermediate certificates.
If you run the ACC installer, you will find that the ACC service will not start and the logs will have certificate errors in them; load the intermediate certificate and the service will start as normal.
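The comparison described in the post (full chain on 443, broken chain on 2001), as an added example that is not part of the original post: it parses the "Certificate chain" section of `openssl s_client -showcerts` output for two ports and names the intermediate that the second port fails to send. The host name `mdm.example.com` and both sample outputs are constructed; `fetch_chain_text` assumes the `openssl` CLI is installed.

```python
import re
import subprocess

# Constructed sample: port 443 sends the leaf plus the intermediate.
PORT_443 = """Certificate chain
 0 s:C = US, O = Example Corp, CN = mdm.example.com
   i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
 1 s:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
"""
# Constructed sample: port 2001 sends the leaf only (the broken chain).
PORT_2001 = """Certificate chain
 0 s:C = US, O = Example Corp, CN = mdm.example.com
   i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
"""

def fetch_chain_text(host, port):
    """Live capture of what a port presents; feed the result to parse_chain."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}",
           "-servername", host, "-showcerts"]
    return subprocess.run(cmd, input="", capture_output=True, text=True, timeout=20).stdout

def parse_chain(text):
    """Extract [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*\d+ s:(.*)", line)
        if m:
            subject = m.group(1).strip()
            continue
        m = re.match(r"\s*i:(.*)", line)
        if m and subject is not None:
            chain.append((subject, m.group(1).strip()))
            subject = None
    return chain

def missing_intermediates(reference, tested):
    """Certificates the reference port sends that the tested port needs but omits."""
    sent = {s for s, _ in tested}
    needed = {i for s, i in tested if i != s}  # issuers of the certs actually sent
    return [s for s, _ in reference if s in needed and s not in sent]

if __name__ == "__main__":
    ref, tested = parse_chain(PORT_443), parse_chain(PORT_2001)
    print("Port 2001 does not send:", missing_intermediates(ref, tested))
```

A root certificate that neither port sends is not reported, since clients are expected to hold it in their own trust store.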