Host .p7b HTTPS certificate in nginX

linux ssl nginx

11,386

They both contain the same data (mostly), in different formats. Nginx will want the "plain" .crt format, but not all CAs include the necessary data in it, so it's possible that you'll need to convert from .p7b anyway. (See also https://superuser.com/a/123327/1686.)

The ssl_certificate file has two requirements:

For nginx (and many other services), it must be in textual aka "PEM-encoded" format, with the BEGIN CERTIFICATE headers.

Sometimes .cer files are in binary format. Check with a text editor; you can use openssl x509 -inform DER < thing.cer > thing.crt to convert to the textual format.
The certificate file must also contain the chain of intermediate certificates – again, open with a text editor (or use certtool -i).

Some CAs include them as separate files instead, in which case they'll need to be concatenated together (your certificate first, followed by intermediates).

Since you also got the same certificates in a .p7b file, it might be most foolproof to convert that to a PEM certificate file:

openssl pkcs7 [-inform DER] -print_certs < thing.p7b > fullchain.crt

The resulting .crt file should have everything neccessary.

11,386

Michael

Updated on September 18, 2022

Comments

Michael almost 2 years
We have a requirement to change webservices from HTTP to HTTPS, so we generated .csr and provided to our client and got back .p7b and .cer files in return to use them in nginX hosted on linux server.

I am new to nginX and as per my understanding, .p7b and .cer both are certificate files but i am confused about which one should I use in ssl_certificate parameter or do I need to concatenate both files and pass resultant file to ssl_certificate to serve the purpose?
```
server {

listen   443;
ssl    on;
ssl_certificate    /etc/ssl/your_domain_name.pem; (or bundle.crt)
ssl_certificate_key    /etc/ssl/your_domain_name.key;

server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root   /home/www/public_html/your.domain.com/public/;
index  index.html;
}

}
```
I am following different links along this this link but could not find proper answer.

Can anyone please tell me in detail how should I use them?

PS: Shifting Question from StackOverFlow to SuperUser.
- Seth about 7 years
  
  Which link? Why not include a reference to the SO question? Why not ask for a migration of the SO post? Have a look here you will likely need to convert/merge/extract information from both files in order to generate the files you really need. As you can already see from the documentation has some information on this.
- Kamil Maciorowski about 7 years
  
  The question belongs to unregistered user; there's also an edit attempt from anonymous user. To the author: if it's you who tried to edit the question, please register, then contact the Stack Exchange Team (this link may be helpful) and claim ownership of the question. As a registered user you can edit your own question.