bundle file for Comodo’s PositiveSSL / apache2 + mod_ssl

generating csr is easy and well documented:

# restrictive umask in a subshell so the private key is not created world-readable
(umask 077; openssl genrsa 2048 > your_domain_com.key)
# common name should be equal to the domain name
openssl req -new -key your_domain_com.key > your_domain_com.csr

but even comodo’s own help website is not up-to-date and provides bundle-creation steps that refer to files that are no longer sent to clients. the internet is full of examples that sort of work but fail some online ssl certificate validators.

something that worked for me – in the zip file containing the signed cert you’ll find:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
your_domain_com.crt

to create a bundle run:

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

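and in apache’s config add (SSLCertificateChainFile is deprecated as of apache 2.4.8, where SSLCertificateFile can instead point at one file holding the cert followed by the chain):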

SSLCertificateKeyFile /etc/apache2/ssl/your_domain_com.key
SSLCertificateFile /etc/apache2/ssl/your_domain_com.crt
SSLCertificateChainFile /etc/apache2/ssl/ssl-bundle.crt

for nginx:

cat your_domain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
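
to check a bundle before pointing a server at it, the function below (an added example, not part of the original post) walks the certificates in file order and confirms that each one’s issuer name matches the subject of the next. it assumes openssl, awk and mktemp are on the PATH; check_chain_order is a name made up for this example, and it compares names only, without verifying signatures.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_chain_order BUNDLE [LEAF_CERT]   (hypothetical helper name)
#   Walks the certificates in file order (LEAF_CERT first, if given) and
#   checks that each one's issuer name equals the subject name of the next.
#   Returns 0 = ordered, 1 = broken link, 2 = nothing to parse / fused PEM lines.
#   Names are compared as strings; signatures are not verified.
check_chain_order() {
    bundle=$1
    leaf=${2:-}
    tmp=$(mktemp -d) || return 2
    cat ${leaf:+"$leaf"} "$bundle" > "$tmp/all"
    # cat-ing files that lack a trailing newline fuses END and BEGIN markers.
    if grep -q -e '-----END CERTIFICATE-----.*-----BEGIN' "$tmp/all"; then
        echo "END and BEGIN markers share a line: add a newline between certs" >&2
        rm -rf "$tmp"
        return 2
    fi
    # Split into one numbered file per certificate so file order is kept.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
        f != "" { print > f }
        /-----END CERTIFICATE-----/ { close(f); f = "" }' "$tmp/all"
    prev_issuer=""
    i=0
    rc=0
    for f in "$tmp"/*.pem; do
        [ -e "$f" ] || { rc=2; break; }   # no certificates found
        i=$((i + 1))
        subj=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        iss=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        if [ "$i" -gt 1 ] && [ "$subj" != "$prev_issuer" ]; then
            echo "cert $i ($subj) is not the issuer of cert $((i - 1)) ($prev_issuer)" >&2
            rc=1
            break
        fi
        prev_issuer=$iss
    done
    rm -rf "$tmp"
    return "$rc"
}
```

for the apache layout run check_chain_order ssl-bundle.crt your_domain_com.crt; for the nginx bundle, which already starts with the site cert, run check_chain_order ssl-bundle.crt.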
