Tag: Comodo

  • How to Generate SSL Certificate Chain for Nginx

    I’m using Comodo Certificate, you will get these files from their email:

    • Root CA Certificate – AddTrustExternalCARoot.crt
    • Intermediate CA Certificate – UTNAddTrustSGCCA.crt
    • Intermediate CA Certificate – ComodoUTNSGCCA.crt
    • Intermediate CA Certificate – EssentialSSLCA_2.crt
    • Your EssentialSSL Certificate – www_example_com.crt

    Correct order:

    1. Your EssentialSSL Certificate – www_example_com.crt
    2. Intermediate CA Certificate – EssentialSSLCA_2.crt
    3. Intermediate CA Certificate – ComodoUTNSGCCA.crt
    4. Intermediate CA Certificate – UTNAddTrustSGCCA.crt
    5. Root CA Certificate – AddTrustExternalCARoot.crt

    You can create a chained certificate required by Nginx:

    cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > example.com.chained.crt

    In fact, you can only need the first three certificates: most systems have their root CA.

    cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt  > example.com.chained.crt

    Update Mar 21, 2015:

    Comodo updated their certificates filename, so the correct order now is:

    1. Your EssentialSSL Certificate – www_example_com.crt
    2. Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
    3. Intermediate CA Certificate – COMODORSAAddTrustCA.crt
    4. Root CA Certificate – AddTrustExternalCARoot.crt
    cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > example.com.chained.crt