Creating a single .pem file for web server SSL
Solution 1
Depending on which type of certificate you have, go to https://certs.godaddy.com/Repository.go and download the appropriate intermediate certificate chain (one of the .crt
files, most likely this one). Paste that into your PEM file along with your own certificate and key.
Solution 2
Your creation of the .pem
file is fine. If it wasn't then HTTP server is unlikely to start.
Assuming that you have a GoDaddy root certificate in your browser's trusted certs, then the certificate that they have provided you is what's known as a "chained" certificate. This means that it hasn't been signed directly by their root. It is signed by an intermediatory CA which in itself is signed by the root.
In order for your browser to trust the chained certificate it needs to know of all certificates in the chain. In Apache this is accomplished with the SSLCertificateChainFile
directive, which pushes the other certificates in the chain to the client during the SSL handshake process.
You'll need to find a substitute for this directive in Mongoose. The manual doesn't appear to indicate how. You may find that placing the chain certificate(s) at the end of the PEM to help.
Related videos on Youtube
xyz
Updated on September 17, 2022Comments
-
xyz over 1 year
To use SSL, the web server that I am using requires the location of a single .pem file (-ssl_cert xyz.pem)
I have a certificate issued by GoDaddy. They gave me the file:
banana.crt
The preceding certificate request was created using a private key I generated
banana.key
Googling seems to suggest that creating a .pem file is as simple as concatenating them.
cat banana.key banana.crt > banana.pem
Unfortunately, starting the server with banana.pem, and visiting it with Safari tells me:
Issued by: Go Daddy Secure Certificate Authority
This certificate was signed by an unknown authority
What's going wrong? Have I or GoDaddy screwed something up in the creation of the certificate, or do I somehow have to mix something from here in to my .pem file?
I'm visiting with a fully up to date OS X Leopard + Safari installation.
-
xyz over 14 yearsThank you. Are one or multiple of those from the [here] link in my question the chain certificates?
-
Dan Carley over 14 yearsYep, should be one of those. You might find the output from
openssl x509 -issuer -noout < banana.crt
assists you in identifying which one specifically.