Creating all.crt to include bundle certificates with server certificate.

Introduction

It is sometimes the case that certificate authorities provide the different parts of the certificate in separate files. These files will form the chain from a well known trusted CA, though some intermediaries, all the way to the certificate for the server. 

This article is intended as a guide for create certificate to import into CaféX that includes the bundle certificate you get from your issuer. That way you will serve up the server certificate and the CA + any intermediates.

Instructions.

You will have a server.crt file and a issuer_bundle.crt in /opt/certs on your server.

To create a new all.crt to import onto fas you do

  • cat server.crt > all.crt
  • cat issuer_bundle.crt >> all.crt

Check there are no carriage returns in the file, it should look like:

-----BEGIN CERTIFICATE-----

MM1AQIJASJ11..etc.

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MM1AQIJASJ11..etc.

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MM1AQIJASJ11..etc.

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MM1AQIJASJ11..etc.

-----END CERTIFICATE-----

You can then follow the instructions for importing the cert as per https://support.cafex.com/hc/en-us/articles/202878461-Using-External-Certifcates-with-Caf%C3%A9X

 

 

Comments are disabled on these articles if you require help contact support@cafex.com.

Have more questions? Submit a request

Comments

Powered by Zendesk