https://wiki.ledhed.net/index.php?action=history&feed=atom&title=Create_a_Certificate_Bundle 2026-04-23T06:01:32Z Revision history for this page on the wiki MediaWiki 1.23.2 //wiki.ledhed.net/index.php?title=Create_a_Certificate_Bundle&diff=3493&oldid=prev 2020-10-14T02:05:59Z

<p>Created page with &quot;== Overview == Nginx (and probably other web servers) wants a certificate bundle when using certificate signed by a Root Certificate Authority. This article will explain how t...&quot;</p> <p><b>New page</b></p><div>== Overview ==<br /> Nginx (and probably other web servers) wants a certificate bundle when using certificate signed by a Root Certificate Authority. This article will explain how to set one up.<br /> <br /> <br /> == Basics ==<br /> Its outside the scope of this article to explain how to generate SSL/TLS certificates. There are plenty of OpenSSL examples floating around.<br /> <br /> In a nut shell, a bundled certificate is just that, a group of certificates in one file. The order of that bundle should be like this:<br /> -----BEGIN CERTIFICATE-----<br /> (host.pem)<br /> -----END CERTIFICATE-----<br /> -----BEGIN CERTIFICATE-----<br /> (intermediate.pem)<br /> -----END CERTIFICATE-----<br /> -----BEGIN CERTIFICATE-----<br /> (root.pem)<br /> -----END CERTIFICATE-----<br /> <br /> Assuming you have the files: host.pem, intermediate.pem, root.pem<br /> cat host.pem internediate.pem root.pem &gt; host_bundle.pem<br /> <br /> <br /> == Nginx ==<br /> Its beyond the scope of this article to explain how to setup Nginx for SSL/TLS, but here are the relevant lines on how to access the server's private key and certificate bundle:<br /> ssl_certificate /etc/ssl/private/host_bundle.pem;<br /> ssl_certificate_key /etc/ssl/private/server.key;<br /> <br /> <br /> == Reference ==<br /> https://www.digicert.com/kb/ssl-support/pem-ssl-creation.htm<br /> <br /> <br /> [[Category:Linux]][[Category:nginx]]</div>

Ledhed