Latest revision as of 02:05, 14 October 2020
Overview
Nginx (and probably other web servers) wants a certificate bundle when using a certificate signed by a Root Certificate Authority. This article explains how to set one up.
Basics
It's outside the scope of this article to explain how to generate SSL/TLS certificates. There are plenty of OpenSSL examples floating around.
In a nutshell, a bundled certificate is just that: a group of certificates in one file. The order of that bundle should be like this:
-----BEGIN CERTIFICATE-----
(host.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(intermediate.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(root.pem)
-----END CERTIFICATE-----
Assuming you have the files: host.pem, intermediate.pem, root.pem
cat host.pem intermediate.pem root.pem > host_bundle.pem
Nginx
It's beyond the scope of this article to explain how to set up Nginx for SSL/TLS, but here are the relevant lines on how to access the server's private key and certificate bundle:
ssl_certificate /etc/ssl/private/host_bundle.pem;
ssl_certificate_key /etc/ssl/private/server.key;
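The following script is an added example, not part of the original article. It checks that a bundle is in the host, intermediate, root order described above and that the private key belongs to the first certificate in it. The function names are hypothetical, and it assumes the openssl command-line tool and awk are installed.

```shell
#!/bin/sh
# Added example: checks for a bundle built as host + intermediate + root.
# Function names are hypothetical; requires the openssl CLI and awk.

# split_bundle BUNDLE DIR: write each PEM block to DIR/cert-N.pem, print the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }' "$1"
}

# bundle_in_order BUNDLE: succeed only if each certificate's issuer name equals
# the subject name of the certificate after it (name chaining, not a signature check).
bundle_in_order() {
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$tmp")
    rc=0
    [ "$count" -ge 1 ] || rc=1
    i=1
    while [ "$i" -lt "$count" ]; do
        next=$((i + 1))
        issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer | sed 's/^issuer= *//')
        subject=$(openssl x509 -in "$tmp/cert-$next.pem" -noout -subject | sed 's/^subject= *//')
        if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
            echo "certificate $i is not issued by certificate $next" >&2
            rc=1
        fi
        i=$next
    done
    rm -rf "$tmp"
    return "$rc"
}

# key_matches_leaf BUNDLE KEY: succeed only if KEY belongs to the first certificate
# in BUNDLE (openssl x509 reads only the first PEM block of a file).
key_matches_leaf() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Usage when run directly: sh check_bundle.sh host_bundle.pem server.key
if [ "$#" -eq 2 ]; then
    bundle_in_order "$1" && key_matches_leaf "$1" "$2" && echo "bundle OK"
fi
```

Running `nginx -t` after editing the configuration also reports a key mismatch when the host certificate is not the first one in the bundle.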
Reference
https://www.digicert.com/kb/ssl-support/pem-ssl-creation.htm