SSL – How to install root or intermediate SSL certificates without restarting server

iis-7 ssl ssl-certificate windows-server-2008

For installation of a certificate I needed to install the root and intermediate certificates as well. This was recognized (after IIS reset) by Firefox and IIS at once, but not by IE, Opera or Network4All. After a physical restart it was recognized by all.

My question is: how can I install the root and intermediate certificates without restarting the entire server? (And, of less importance, how come Firefox recognized this at once, but the others didn't?)

Best Answer

I think you are seeing Firefox work because Firefox most likely already had copies of the root and intermediate installed in its own stores (which I have mixed feelings about). It seems like browsers are frequently importing intermediate certificates as well as roots into their own keystores now. That's one reason why I use cURL and the CA-provided certificate validation tool to verify the installation whenever I replace a cert.

I've had the problems with IIS you are describing if I installed the cert prior to installing the intermediate cert, but never had issues if the intermediate certs were imported prior to importing the server cert. Unfortunately, depending upon the CA, one does not always realize that the intermediate cert has been replaced until server cert verification is being performed.
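
The import order described in the answer, followed by a local chain check before the server certificate is installed in IIS, as an added example that is not part of the original answer. The file paths are placeholders (assumptions), and the check uses the machine certificate stores rather than any browser's own store.

```powershell
# Added example. Paths below are placeholders, not values from the original post.
$rootFile         = 'C:\certs\root-ca.cer'          # placeholder
$intermediateFile = 'C:\certs\intermediate-ca.cer'  # placeholder
$serverFile       = 'C:\certs\server.cer'           # placeholder (public certificate only)

# 1. Import the CA certificates into the machine stores BEFORE the server certificate.
#    "Root" = Trusted Root Certification Authorities
#    "CA"   = Intermediate Certification Authorities
certutil -addstore -f Root $rootFile
if ($LASTEXITCODE -ne 0) { throw "Root certificate import failed" }
certutil -addstore -f CA $intermediateFile
if ($LASTEXITCODE -ne 0) { throw "Intermediate certificate import failed" }

# 2. Confirm the intermediate really is in the machine store (looked up by thumbprint),
#    so a chain that validates is not relying on a copy cached somewhere else.
$X509 = 'System.Security.Cryptography.X509Certificates'
$intermediate = New-Object "$X509.X509Certificate2" $intermediateFile
if (-not (Test-Path "Cert:\LocalMachine\CA\$($intermediate.Thumbprint)")) {
    throw "Intermediate $($intermediate.Subject) is missing from LocalMachine\CA"
}

# 3. Build the chain for the server certificate in the machine context.
#    Revocation checking is switched off so the result reflects chain building only.
$server = New-Object "$X509.X509Certificate2" $serverFile
$chain  = New-Object "$X509.X509Chain" $true      # $true = use machine context
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$ok = $chain.Build($server)

# 4. Report every element of the chain: leaf first, root last.
foreach ($element in $chain.ChainElements) {
    '{0}  (expires {1:yyyy-MM-dd})' -f $element.Certificate.Subject, $element.Certificate.NotAfter
}

if (-not $ok) {
    foreach ($status in $chain.ChainStatus) {
        '{0}: {1}' -f $status.Status, $status.StatusInformation.Trim()
    }
    throw "Chain does not validate; fix the CA stores before installing the server certificate"
}
'Chain validates from the machine stores; the server certificate can now be installed.'
```

If the listed chain stops at the server certificate or ends in a different issuer than the intermediate you imported, the CA has likely replaced its intermediate, which is the case the answer warns about.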