Last Updated: February 25, 2016

Building an SSL certificate chain

SSL certificates usually have one or more intermediates, forming a chain to a root in the trusted CA bundle included with your OS or browser. With nginx, you have to concatenate the SSL cert and intermediates in their ASCII PEM format.

Find the SSL cert's issuer hash:

openssl x509 -noout -in $SSL_CERT -issuer_hash

Find the intermediate cert by checking its hash, which should match the above.

openssl x509 -noout -in $INTR_CERT -hash

I name intermediate certs with their hash in the filename to map hashes to certs.

Repeat this for the intermediate certs until you reach a trusted root in your OS or browser CA bundles.
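
The walk described above, scripted as an added example (not the author's code). It assumes every candidate CA cert is saved as `<subject hash>.pem` in one directory, following the naming habit mentioned above; `build_chain` and `is_self_issued` are hypothetical names.

```bash
# Added example: walk issuer hashes to assemble an nginx-style chain file.
# Assumption: each CA cert is stored as "$cert_dir/<subject_hash>.pem".

# is_self_issued CERT: true when subject and issuer name hashes match (a root).
is_self_issued() {
    local s i
    s=$(openssl x509 -noout -in "$1" -hash) || return 2
    i=$(openssl x509 -noout -in "$1" -issuer_hash) || return 2
    [ "$s" = "$i" ]
}

# build_chain LEAF_CERT CERT_DIR OUT_FILE
# Returns 0 once a root is reached, 1 if an issuer file is missing or the
# walk is too deep, 2 if openssl cannot parse a certificate.
build_chain() {
    local leaf="$1" cert_dir="$2" out="$3"
    local current="$leaf" next depth=0

    # Server certificate first, then each intermediate in issuing order.
    openssl x509 -in "$leaf" -outform PEM > "$out" || return 2

    while [ "$depth" -lt 10 ]; do   # bound the walk in case of a naming loop
        if is_self_issued "$current"; then
            return 0
        fi
        next="$cert_dir/$(openssl x509 -noout -in "$current" -issuer_hash).pem"
        if [ ! -f "$next" ]; then
            echo "no issuer file $next for $current" >&2
            return 1
        fi
        # Roots are left out: clients take them from their own trust store.
        if ! is_self_issued "$next"; then
            openssl x509 -in "$next" -outform PEM >> "$out" || return 2
        fi
        current="$next"
        depth=$((depth + 1))
    done
    echo "gave up after $depth certificates" >&2
    return 1
}

# Usage: build_chain "$SSL_CERT" ./ca-certs ./chain.pem
```

These hashes cover only the subject and issuer names, not the signatures, so confirm the assembled file with `openssl verify` before deploying it.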

Now, finding the intermediate certs to check is a pain. There's no standard way to ask an SSL cert for its intermediate's location, and many providers don't make intermediates easy to search for or download.