It is important for websites to use SSL certificates to enable HTTPS connections and secure their data. As part of SSL certificate installation, system administrators are required to create a certificate authority bundle (CA bundle) and serve it on their website. A CA bundle is a file that contains the root and intermediate certificates in the right order. They must be in the following order:
– Intermediate CA Certificate 2
– Intermediate CA Certificate 1
– Root CA Certificate
In some cases, your certificate provider may provide only 1 intermediate CA certificate. In such cases, the order is:
– Intermediate CA Certificate 1
– Root CA Certificate
How to Create CA Bundle File from CRT Files for SSL Certificates
Once you purchase an SSL certificate from a reputed SSL provider like PositiveSSL, Comodo, GeoTrust, etc. and submit a certificate signing request (CSR), you will be emailed the SSL certificate bundle that contains a root CA certificate and one or more intermediate CA certificates. You need to concatenate the intermediate certificates with the root certificate to generate the CA bundle.
If you have the following root and intermediate CA certificates:
- AddTrustExternalCARoot.crt – Root CA Certificate
- COMODORSAAddTrustCA.crt – Intermediate CA Certificate 1
- COMODORSADomainValidationSecureServerCA.crt – Intermediate CA Certificate 2
- yourDomain.crt – Your SSL Certificate
then here is the Linux command to combine these files to generate the CA bundle.
-- cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > yourDomain.ca-bundle
On Windows, you can use the copy command to generate the CA bundle.
-- copy COMODORSADomainValidationSecureServerCA.crt + COMODORSAAddTrustCA.crt + AddTrustExternalCARoot.crt yourDomain.ca-bundle
Please note that your own SSL certificate (yourDomain.crt) is not used for generating the CA bundle. It needs to be served separately. After you have generated the CA bundle, you need to serve both the CA bundle and the SSL certificate on your website.
Sometimes, on Linux systems, you may get a permission denied error when you try to run the cat command to generate the CA bundle. Follow these steps to overcome this problem.
In this article, we have learnt how to create a CA bundle for SSL certificates in Linux and Windows.
Sreeram has more than 10 years of experience in web development, Python, Linux, SQL and database programming.