Do I need to use the bundle-ca when generating a pfx?
Solution 1:
A couple of things:
- NEVER EVER use online tools to convert PEM/KEY to PFX or PFX to PEM/KEY, because you compromise your private key. They will have a full copy of your certificate, including the private key, and can impersonate the entity entitled in the certificate and potentially can spoof you.
- Although not required, it is generally recommended to include additional CA certificates in case they aren't present on target/client systems. These certificates will be sent to clients from the web server (assuming you are talking about a TLS certificate) and boost/simplify certificate validation on the client. In this case, clients are not required to have an installed copy of the intermediate CA certificate; they will be provided automatically during the TLS handshake from the bundle installed on the server.
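
An added example, not part of the original answer: building the PFX locally with the OpenSSL command line, once without and once with the CA bundle, and counting the certificates that end up in each file. The throwaway certificate chain, the file names and the password are constructed for the demonstration.

```bash
# Added example. Everything runs on the local machine, so the private key
# never leaves it. All subjects and file names are constructed test data.

# make_demo_pki DIR: create a throwaway root -> intermediate -> leaf chain
make_demo_pki() {
  printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 2 -out "$1/leaf.pem" 2>/dev/null
  # The CA bundle: intermediate first, then root
  cat "$1/int.pem" "$1/root.pem" > "$1/bundle-ca.pem"
}

# make_pfx KEY CERT OUT PASSWORD [BUNDLE]
# -certfile adds the CA certificates from BUNDLE to the PFX. The password is
# handed over through the environment so it does not show up in the process list.
make_pfx() {
  if [ -n "${5:-}" ]; then
    PFX_PASS="$4" openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$5" \
      -out "$3" -passout env:PFX_PASS
  else
    PFX_PASS="$4" openssl pkcs12 -export -inkey "$1" -in "$2" \
      -out "$3" -passout env:PFX_PASS
  fi
}

# count_pfx_certs PFX PASSWORD: number of certificates stored in the PFX
count_pfx_certs() {
  PFX_PASS="$2" openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

# demo: build both variants in a temporary directory and print the counts
demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  make_pfx "$d/leaf.key" "$d/leaf.pem" "$d/bare.pfx" "demo-pass"
  make_pfx "$d/leaf.key" "$d/leaf.pem" "$d/full.pfx" "demo-pass" "$d/bundle-ca.pem"
  echo "without bundle: $(count_pfx_certs "$d/bare.pfx" demo-pass) certificate(s)"
  echo "with bundle:    $(count_pfx_certs "$d/full.pfx" demo-pass) certificate(s)"
  rm -rf "$d"
}
```

Call `demo` after sourcing the file to see both counts; with a real certificate, pass your own key, certificate and bundle paths to `make_pfx`.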