Charlie Harvey

#674

I concatenated both Gandi's intermediate certificate (https://www.gandi.net/static/CAs/GandiStandardSSLCA2.pem) and my website certificate (mywebsite.crt) and all the browsers complained that my website wasn't safe.

I was wondering what was going on with my certificate and I found out when I read this. As my server is Nginx rather than Apache, I had to do a slightly different thing.

I downloaded the Root CA certificate and converted it to pem (I mostly copied and pasted from your blog post):

wget -q -O - http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | openssl x509 -inform der -outform pem > FinalRootCA.pem

Then, I concatenated the certificates:

cat mywebsite.crt GandiStandardSSLCA2.pem FinalRootCA.pem > TheUltimateCertificate.crt

I checked if -----BEGIN CERTIFICATE----- is always at the beginning of the line and in the same line as -----END CERTIFICATE-----. It wasn't, so I had to fix it, which was easy, just by changing:

-----END CERTIFICATE----------BEGIN CERTIFICATE-----

to

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

And I saved the fixed version of file TheUltimateCertificate.crt, which is the one I use and it works fine because the browsers say my website is safe:

server {
    listen 443 ssl;
    server_name mywebsite.com;
    ssl_certificate /etc/nginx/ssl-certs/TheUltimateCertificate.crt;
    ssl_certificate_key /path/to/ssl-certs/mywebsite.key;
    root /path/to/my/website;
    index index.php index.html;
}

Thank you for making me see the light.
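
The fused-marker problem described in the comment above, as an added example that is not part of the original comment: a shell sketch that detects the defect in a concatenated bundle, repairs it, and shows a way of concatenating that avoids it. The function names, file names and placeholder certificate bodies are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical.
FUSED='-----END CERTIFICATE----------BEGIN CERTIFICATE-----'

# Lines where an END marker runs straight into the next BEGIN marker.
count_fused() { grep -c -e "$FUSED" "$1" || true; }

# BEGIN markers that sit alone on their own line, as PEM expects.
count_certs() { grep -c -e '^-----BEGIN CERTIFICATE-----$' "$1" || true; }

# Repair an existing bundle ($1) into $2 by splitting fused markers.
fix_bundle() {
    awk '{ gsub(/CERTIFICATE----------BEGIN/, "CERTIFICATE-----\n-----BEGIN"); print }' "$1" > "$2"
}

# Concatenate so fusion cannot happen: "awk 1" re-emits every line with a
# trailing newline, even when the input file lacks one at end of file.
join_certs() { for f in "$@"; do awk 1 "$f"; done; }

# Constructed sample: placeholder bodies, not real certificates. Each file is
# written without a final newline, which is what makes plain cat fuse markers.
make_sample() {
    for n in leaf intermediate root; do
        printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' "PLACEHOLDER${n}" \
            '-----END CERTIFICATE-----' > "$1/$n.pem"
    done
}

work=$(mktemp -d)
make_sample "$work"
# Server certificate first, then intermediate, then root, as in the comment.
cat "$work/leaf.pem" "$work/intermediate.pem" "$work/root.pem" > "$work/naive.crt"
fix_bundle "$work/naive.crt" "$work/fixed.crt"
join_certs "$work/leaf.pem" "$work/intermediate.pem" "$work/root.pem" > "$work/joined.crt"

for b in naive fixed joined; do
    echo "$b: $(count_certs "$work/$b.crt") certs, $(count_fused "$work/$b.crt") fused lines"
done
```
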