Home > Net >  how does an SSL certificate chain bundle arranged?
how does an SSL certificate chain bundle arranged?

Time:05-03

I have 4 certificate files like this:

1.certum_certificate.crt
2.certum_certificate.pem
3.Intermediate_CA2.cer
4.Intermediate_CA.cer
5.Root_CA.cer

I put these files content by this order in a bundle file and i figured out that my SSL chain is incomplete. how should i arrange them in bundle file?

CodePudding user response:

Just concatenate the three parts into a single file like this (fullchain.pem) :

-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISA/UUyBjJ71fucZuvpiLsdfsfsdfsdfd
...
hoFWWJt3/SeBKn ci03RRvZsdfdsfsdfw=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinsdfsfsdfsdfdsfsdfsd
....
nLRbwHqsdqD7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBsdfSDFSDFVSDVzfsdffvqdsfgsT664ScbvsfGDGSDV
...
Dfvp7OOGAN6dEOM4 SDFSDZET DFGDFQSD45Bddfghqsqf6Bsff
-----END CERTIFICATE-----

The order must be backwards. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it :

Original issuer —> Intermediate issuer 1 —> Final Root issuer which is a root certificate authority and can be trusted.

It's possible to have several intermediates : ...—> Intermediate issuer 1 —> Intermediate issuer 2 —>...

  • Related