Solid-State Society

Month: June 2014

  • Fix RubyGems Postinstall Error

    gem pristine --all --only-executables

  • How to Generate SSL Certificate Chain for Nginx

    I’m using Comodo Certificate, you will get these files from their email:

    • Root CA Certificate – AddTrustExternalCARoot.crt
    • Intermediate CA Certificate – UTNAddTrustSGCCA.crt
    • Intermediate CA Certificate – ComodoUTNSGCCA.crt
    • Intermediate CA Certificate – EssentialSSLCA_2.crt
    • Your EssentialSSL Certificate – www_example_com.crt

    Correct order:

    1. Your EssentialSSL Certificate – www_example_com.crt
    2. Intermediate CA Certificate – EssentialSSLCA_2.crt
    3. Intermediate CA Certificate – ComodoUTNSGCCA.crt
    4. Intermediate CA Certificate – UTNAddTrustSGCCA.crt
    5. Root CA Certificate – AddTrustExternalCARoot.crt

    You can create a chained certificate required by Nginx:

    cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > example.com.chained.crt

    In fact, you can only need the first three certificates: most systems have their root CA.

    cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt  > example.com.chained.crt

    Update Mar 21, 2015:

    Comodo updated their certificates filename, so the correct order now is:

    1. Your EssentialSSL Certificate – www_example_com.crt
    2. Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
    3. Intermediate CA Certificate – COMODORSAAddTrustCA.crt
    4. Root CA Certificate – AddTrustExternalCARoot.crt
    cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > example.com.chained.crt

  • Using S/MIME With Apple Mail

    1. What Is S/MIME Email and Why Should I Be Using It
    2. S/MIME Email Certificates in-Depth
    3. Using S/MIME With Apple Mail

    Free email certificate can be found at COMODO