Barry Jones
asked on
How to Combine SSL Certificate Chain into a single PEM-encoded file with OpenSSL
Hi there!
I am inexpereinced with the working of SSL certs, so please forgive any obvious errors.
I have a hotspot subscriber gateway that I am configuring for use with our billing system. I need to install an SSL cert and private key onto the device. It requires a single PEM certificate file and also a PEM private key file.
As it only accepts a single file, my SSL provider (InstantSSL) has sent me three files, one is my cert and the other two are the chain certs (GTE and Comodo). I need to combine these three certs into one file. Does anybody know how to acheive this please?
I have successfully used OpenSSL (Windows Version) to convert my private key file into a PEM file, and I assume that OpenSSL has the ability to do what I need, but I am in a hurry, and I do not understand OpenSSL nearly enough to attempt this.
Thanks!
TheFoot
PS. Sorry if this is the wrong Topic Area, but I dont know where else to put this! :)
I am inexpereinced with the working of SSL certs, so please forgive any obvious errors.
I have a hotspot subscriber gateway that I am configuring for use with our billing system. I need to install an SSL cert and private key onto the device. It requires a single PEM certificate file and also a PEM private key file.
As it only accepts a single file, my SSL provider (InstantSSL) has sent me three files, one is my cert and the other two are the chain certs (GTE and Comodo). I need to combine these three certs into one file. Does anybody know how to acheive this please?
I have successfully used OpenSSL (Windows Version) to convert my private key file into a PEM file, and I assume that OpenSSL has the ability to do what I need, but I am in a hurry, and I do not understand OpenSSL nearly enough to attempt this.
Thanks!
TheFoot
PS. Sorry if this is the wrong Topic Area, but I dont know where else to put this! :)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you do
openssl x509 -in cert1 -text -inform PEM
or
openssl x509 -in cert1 -text -inform DER
what do you have as output ?
openssl x509 -in cert1 -text -inform PEM
or
openssl x509 -in cert1 -text -inform DER
what do you have as output ?
Just checking a possibility here:
Be sure that the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- are kept in tact for each certificate... don't put all of them between a single pair of -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
Be sure that the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- are kept in tact for each certificate... don't put all of them between a single pair of -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
ASKER
OK, the INFORM command for PEM chucked out what appears to be the certificate, the DER brought back the error. So I assume the certs are all already in PEM format..
Now with regard to combining them..
I created a text file with the three certificate contents in. I saved it as "combined.crt" and double-clicked the file (in windows XP). The certificate services dialog showed me that the chain was only for the first two certificates, ie the GTE Global Root Certificate, and then its sibling, the Comodo Services certificate. It did not show the third certificate, my server certificate. (I included the three pairs of BEGIN and END CERTIFICATE tags.)
Any ideas?
Thanks, TheFoot
Now with regard to combining them..
I created a text file with the three certificate contents in. I saved it as "combined.crt" and double-clicked the file (in windows XP). The certificate services dialog showed me that the chain was only for the first two certificates, ie the GTE Global Root Certificate, and then its sibling, the Comodo Services certificate. It did not show the third certificate, my server certificate. (I included the three pairs of BEGIN and END CERTIFICATE tags.)
Any ideas?
Thanks, TheFoot
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks - that was perfect. It displays all three certs now from one combined file.
Thanks to both of you guys for helping with this answer - I have split the points.
Cheers :)
TheFoot
Thanks to both of you guys for helping with this answer - I have split the points.
Cheers :)
TheFoot
ASKER
I tried the commands you suggested, but it failed. Here is the output:
unable to load certificate
3080:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:w
n1\tasn_dec.c:1282:
3080:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:
crypto\asn1\tasn_dec.c:374
Perhaps they are already PEM-encoded?
Thanks, TheFoot