How to create a .ca-bundle
Posted: Tue Feb 09, 2016 5:23 pm
[Problem]
Installing an SSL certificate, the necessary files came in a .zip but apache expects a .ca-bundle, key and crt file. Some of those files have to be combined into one ca-bundle file and configured in the site config.
[Solution]
Three files have to be cat'ed together to get the ca-bundle file:
Now you need to get the MySite-SSL.ca-bundle, MySite-SSL.crt and MySIte-SSL.key file to where they belong, normally /etc/apache2/ssl/
Now configure the site config in /etc/apache2/sites-available/ssl-MySite and add the bundle, key and crt file like this (Apache 2.x syntax):
Make sure the rest of the config is ok (Document root etc) and restart/reload apache, and your site should be reachable, signed and secure!
Installing an SSL certificate, the necessary files came in a .zip but apache expects a .ca-bundle, key and crt file. Some of those files have to be combined into one ca-bundle file and configured in the site config.
[Solution]
Three files have to be cat'ed together to get the ca-bundle file:
Code: Select all
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > MySite-SSL.ca-bundleNow configure the site config in /etc/apache2/sites-available/ssl-MySite and add the bundle, key and crt file like this (Apache 2.x syntax):
Code: Select all
SSLCertificateFile /etc/apache2/ssl/MySite-SSL.crt
SSLCertificateKeyFile /etc/apache2/ssl/MySite-SSL.key
SSLCertificateChainFile /etc/apache2/ssl/MySite-SSL.ca-bundle