How to create a .ca-bundle

Linux howto's, compile information, information on whatever we learned on working with linux, MACOs and - of course - Products of the big evil....
Post Reply
gilthanaz
Site Admin
Posts: 444
Joined: Fri Aug 29, 2003 9:29 pm
Contact:

How to create a .ca-bundle

Post by gilthanaz »

[Problem]
Installing an SSL certificate, the necessary files came in a .zip but apache expects a .ca-bundle, key and crt file. Some of those files have to be combined into one ca-bundle file and configured in the site config.

[Solution]

Three files have to be cat'ed together to get the ca-bundle file:

Code: Select all

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > MySite-SSL.ca-bundle
Now you need to get the MySite-SSL.ca-bundle, MySite-SSL.crt and MySIte-SSL.key file to where they belong, normally /etc/apache2/ssl/

Now configure the site config in /etc/apache2/sites-available/ssl-MySite and add the bundle, key and crt file like this (Apache 2.x syntax):

Code: Select all

 SSLCertificateFile    /etc/apache2/ssl/MySite-SSL.crt
 SSLCertificateKeyFile /etc/apache2/ssl/MySite-SSL.key
 SSLCertificateChainFile /etc/apache2/ssl/MySite-SSL.ca-bundle
Make sure the rest of the config is ok (Document root etc) and restart/reload apache, and your site should be reachable, signed and secure!
Post Reply