openssl – part 2

Usually when you get an SSL certificate, you receive multiple certificate files, which can be confusing.

They mostly contain:

  1. CA (Certificate Authority)
  2. Trusted Chain
  3. Organizer
  4. domain cer (your main certificate file with your domain name on it)
  5. domain private key (the private key you created when you were requesting the SSL certificate)

If you want to combine all of these certificates and create a so-called certificate bundle or store, you should first concatenate the root certificate authority (CA) file with chain 1 (Trusted Chain) and chain 2 (Organizer).

$ cat chain1 chain2 root > bundle.cer

Then you can verify it with:

$ openssl verify -verbose -purpose sslserver -CAfile bundle.cer domain.cer

Now create a key store (PKCS12) from the bundle and private key:

$ openssl pkcs12 -export -out domain.pfx -inkey private.key -in domain.cer -certfile bundle.cer
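
The three steps above as one script, run against a throwaway certificate hierarchy (an added example, not part of the original post). It also checks that private.key belongs to domain.cer before exporting and counts the certificates in the finished store; the helper names, the signing order and the password changeit are assumptions.

```shell
#!/bin/sh
# Added example: every key and certificate below is throwaway test material.
# Assumed hierarchy: root signs chain2, chain2 signs chain1, chain1 signs domain.cer.

issue() {   # issue NAME SUBJECT EXTFILE [CA]; self-signed when CA is omitted
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
    if [ -n "$4" ]; then
        openssl x509 -req -in "$1.csr" -CA "$4" -CAkey "$4.key" -CAcreateserial \
            -extfile "$3" -days 2 -out "$1" 2>/dev/null
    else
        openssl x509 -req -in "$1.csr" -signkey "$1.key" \
            -extfile "$3" -days 2 -out "$1" 2>/dev/null
    fi
}

make_test_pki() (   # hypothetical helper: fill directory $1 with the files the post names
    cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > leaf.ext
    issue root   "/CN=Test Root"    ca.ext &&
    issue chain2 "/CN=Test Chain 2" ca.ext root &&
    issue chain1 "/CN=Test Chain 1" ca.ext chain2 &&
    issue domain "/CN=example.test" leaf.ext chain1 &&
    mv domain domain.cer && mv domain.key private.key
)

key_matches() {   # key_matches CERT KEY: true when both hold the same public key
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ "$c" = "$k" ]
}

build_store() (   # the post's steps in directory $1; exit code names the failed step
    cd "$1" || exit 1
    cat chain1 chain2 root > bundle.cer
    # note: every certificate in -CAfile is treated as trusted by verify
    openssl verify -purpose sslserver -CAfile bundle.cer domain.cer >/dev/null || exit 2
    key_matches domain.cer private.key || exit 3
    openssl pkcs12 -export -out domain.pfx -inkey private.key -in domain.cer \
        -certfile bundle.cer -passout pass:changeit || exit 4   # test password
)

pfx_cert_count() {   # pfx_cert_count PFX PASSWORD: certificates inside the store
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}
```

With real files, call build_store on the directory that holds chain1, chain2, root, domain.cer and private.key; a non-zero exit code tells you whether the chain (2), the key (3) or the export (4) failed.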