How to bundle intermediate certs into one file

pki apache-2.2 ssl-certificate ssl-certificate-renewal

The order is supposed to be the leaf cert first (the domain's cert), and then each cert that signs the one before it until it reaches the root cert. The "issuer" field basically says which entity signed that cert. The root being AAACertificateServices because it signs itself (issuer matches subject).

In this case it would be:

  1. leaf/domain cert
  2. SectigoRSADomainValidationSecureServerCA
  3. USERTrustRSAAAACA
  4. AAACertificateServices

For httpd before 2.4.8, make a file for 2,3,4 and use SSLCertificateChainFile. For httpd 2.4.8 or later make a single file with 1-4.

The root cert (#4 in this case) is optional to include in either case, normally recommended to leave out. Apparently including it can result in better client-side error messages for older Windows clients if the cert isn't trusted.

Related

oVirt or Proxmox with Cloudstack
GlusterFS or Ceph RBD for storing Virtual Machine image
Why does Apache send HTTP/1.1 when client requests HTTP/1.0? And many other very similar problems [closed]
Should I use a crossover cable to connect a cable modem to a router?
Rewrite cond for domain and www.domain letsencrypt
Different response when hitting curl command with & without single quotes
Exchange 2010 junk filter not working
My Site is not working
Ansible management of frequently off machines
Is physical connection sufficient to register a MAC address to a switch?
How to disable the Java update message balloon in Windows 7? [duplicate]
Is there a way to disable the tray icon for Microsoft Security Essentials?