I concatenated both Gandi's intermediate certificate (https://www.gandi.net/static/CAs/GandiStandardSSLCA2.pem) and my website certificate (mywebsite.crt) and all the browsers complained that my website wasn't safe.
I was wondering what was going on with my certificate and I found out when I read this. As my server is Nginx rather than Apache, I had to do a slightly different thing.
I downloaded the Root CA certificate and converted it to PEM (I mostly copied and pasted from your blog post):
wget -q -O - http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | openssl x509 -inform der -outform pem > FinalRootCA.pem
Then, I concatenated the certificates:
cat mywebsite.crt GandiStandardSSLCA2.pem FinalRootCA.pem > TheUltimateCertificate.crt
I checked if -----BEGIN CERTIFICATE----- is always at the beginning of the line and in the same line as -----END CERTIFICATE-----. It wasn't so I had to fix it easily: just changing:
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
to
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
And I saved the fixed version of file TheUltimateCertificate.crt, which is the one I use and it works fine because the browsers say my website is safe:
server {
    listen 443 ssl;
    server_name mywebsite.com;
    ssl_certificate /etc/nginx/ssl-certs/TheUltimateCertificate.crt;
    ssl_certificate_key /path/to/ssl-certs/mywebsite.key;
    root /path/to/my/website;
    index index.php index.html;
}
Thank you for making me see the light.
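The fused END/BEGIN marker described in the comment above is what plain `cat` produces when an input file lacks a trailing newline. The following is an added example, not part of the original comment: two shell functions (the names `join_pem` and `check_pem_bundle` are hypothetical) that build a bundle without fusing markers and lint an existing one. It works on the text only and does not validate the certificates themselves; stripping carriage returns is an extra beyond what the comment describes.

```shell
#!/bin/sh
# Added example: text-level helpers for PEM bundles such as the one
# passed to nginx's ssl_certificate. Function names are hypothetical.

# join_pem FILE...: concatenate PEM files leaf-first, as in the comment's
# `cat` command, but make sure every marker ends up on its own line.
join_pem() {
    for f in "$@"; do
        # tr drops carriage returns (assumption: DOS-edited files may occur).
        # awk splits an already fused END/BEGIN pair and always ends the
        # last line with a newline, which plain `cat` does not do.
        tr -d '\r' < "$f" | awk '{
            gsub(/-----END CERTIFICATE----------BEGIN CERTIFICATE-----/,
                 "-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----")
            print
        }'
    done
}

# check_pem_bundle FILE: print the number of certificate blocks found.
# Exit status is non-zero if a marker shares its line with other text,
# if BEGIN/END markers are unbalanced, or if no block is present.
check_pem_bundle() {
    awk '
        /-----(BEGIN|END) CERTIFICATE-----/ {
            if ($0 == "-----BEGIN CERTIFICATE-----") {
                if (inblk) bad = 1          # BEGIN inside an open block
                inblk = 1
            } else if ($0 == "-----END CERTIFICATE-----") {
                if (!inblk) bad = 1         # END without a BEGIN
                inblk = 0
                n++
            } else {
                printf "line %d: marker not alone on its line\n", NR > "/dev/stderr"
                bad = 1
            }
        }
        END {
            if (inblk || n == 0) bad = 1
            print n + 0
            exit bad + 0
        }
    ' "$1"
}
```

With the file names from the comment, `join_pem mywebsite.crt GandiStandardSSLCA2.pem FinalRootCA.pem > TheUltimateCertificate.crt` followed by `check_pem_bundle TheUltimateCertificate.crt` should print 3 and exit 0.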