Introduction
It is sometimes the case that certificate authorities provide the different parts of the certificate in separate files. These files will form the chain from a well known trusted CA, though some intermediaries, all the way to the certificate for the server.
This article is intended as a guide for create certificate to import into CaféX that includes the bundle certificate you get from your issuer. That way you will serve up the server certificate and the CA + any intermediates.
Instructions.
You will have a server.crt file and a issuer_bundle.crt in /opt/certs on your server.
To create a new all.crt to import onto fas you do
- cat server.crt > all.crt
- cat issuer_bundle.crt >> all.crt
Check there are no carriage returns in the file, it should look like:
-----BEGIN CERTIFICATE-----
MM1AQIJASJ11..etc.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MM1AQIJASJ11..etc.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MM1AQIJASJ11..etc.
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MM1AQIJASJ11..etc.
-----END CERTIFICATE-----
You can then follow the instructions for importing the cert as per Using External Certifcates with CaféX
Comments
0 comments
Please sign in to leave a comment.