chain certs together
authorPhilip Durbin <philipdurbin@gmail.com>
Fri, 8 May 2015 20:08:26 +0000 (16:08 -0400)
committerPhilip Durbin <philipdurbin@gmail.com>
Fri, 8 May 2015 20:08:26 +0000 (16:08 -0400)
java/glassfish/howto/reuse-a-wildcard-ssl-cert-from-apache.mdwn

index c1f2f2a68060705f0bbc34ae5df97adcdd9b52ba..140599784c4e87bdf2b3cf756a85244184bd521a 100644 (file)
@@ -10,12 +10,12 @@ Before you can begin, you'll need to gather three files from your Apache server.
 
 - SSLCertificateFile (server.crt) Server PEM-encoded X.509 Certificate file http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatefile
 - SSLCertificateKeyFile (server.key) Server PEM-encoded Private Key file http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslcertificatekeyfile
-- SSLCertificateChainFile (ca.crt) File of PEM-encoded Server CA Certificates http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslcertificatechainfile
+- SSLCertificateChainFile (server-chain.crt) File of PEM-encoded Server CA Certificates http://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslcertificatechainfile
 
 In this tutorial, we're storing all these files in /tmp/certs but the key especially should be kept secure:
 
     [root@dvn-vm2 config]# ls -1d /tmp/certs/*
-    /tmp/certs/ca.crt
+    /tmp/certs/server-chain.crt
     /tmp/certs/server.crt
     /tmp/certs/server.key
 
@@ -49,6 +49,10 @@ Now would be a good time to back it up. :)
     Certificate fingerprint (MD5): 52:BC:A6:6D:31:15:8E:6F:64:AA:14:E7:20:29:B1:AA
     [root@dvn-vm2 config]# 
 
+## Construct a CAfile
+
+    cat /tmp/certs/server-chain.crt /etc/ssl/certs/ca-bundle.crt > /tmp/certs/ca.crt
+
 ## Created intermediary pkcs12 keystore from SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile files
 
 This step and the one following comes primarily from http://stackoverflow.com/questions/906402/importing-an-existing-x509-certificate-and-private-key-in-java-keystore-to-use-i/8224863#8224863