From LedHed's Wiki
Revision as of 02:05, 14 October 2020 by Ledhed (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Overview

Nginx (and probably other web servers) wants a certificate bundle when using certificate signed by a Root Certificate Authority. This article will explain how to set one up.


Basics

Its outside the scope of this article to explain how to generate SSL/TLS certificates. There are plenty of OpenSSL examples floating around.

In a nut shell, a bundled certificate is just that, a group of certificates in one file. The order of that bundle should be like this:

-----BEGIN CERTIFICATE-----
(host.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(intermediate.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(root.pem)
-----END CERTIFICATE-----

Assuming you have the files: host.pem, intermediate.pem, root.pem

cat host.pem internediate.pem root.pem > host_bundle.pem


Nginx

Its beyond the scope of this article to explain how to setup Nginx for SSL/TLS, but here are the relevant lines on how to access the server's private key and certificate bundle:

        ssl_certificate /etc/ssl/private/host_bundle.pem;
        ssl_certificate_key /etc/ssl/private/server.key;


Reference

https://www.digicert.com/kb/ssl-support/pem-ssl-creation.htm