SSL-Certs

As you probably know by now, I have my certificates issued by CAcert – they issue free certificates (after verifying that you own the domain) and support many nice features like wildcard domains and SubjectAltNames, so you need only one certificate for many domain names.

They have some nice scripts to help you generate the CSR (Certificate Signing Request):

  • http://wiki.cacert.org/wiki/CSRGenerator
  • http://wiki.cacert.org/wiki/VhostTaskForce#EasywaytogenerateCSRswithsubjectAltNames

Now I assume you have the following files:

  • example_privatekey.pem – the private key
  • example_csr.pem – the CSR you uploaded to CAcert.org; your software doesn’t need it.
  • example_crt.pem – the certificate you got
  • root.crt and class3.crt from http://www.cacert.org/index.php?id=3 (PEM Format)

Now, different software wants these files in different combinations.

  • Intermediate Certificates: these are all certificates except your own. In this case root.crt and class3.crt, so just do:
    cat root.crt class3.crt > ca.crt
    and use ca.crt for this (in lighttpd this is the ssl.ca-file); you can of course reuse that file for other certificates from CAcert.
  • Private key: you already have that file (example_privatekey.pem)
  • Certificate: example_crt.pem
  • Key and certificate in one file:
    cat example_privatekey.pem example_crt.pem > example_server.pem
    and use example_server.pem for this (in lighttpd this is the ssl.pemfile)
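
Before pointing lighttpd at these files, it is worth confirming that the key and certificate belong together and that the combined file, which contains the private key, is readable only by its owner. The script below is an added example, not part of the original post; the helper function names are hypothetical and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; file names follow the page.

# Does file $1 contain a PEM block whose type matches pattern $2?
has_pem() { grep -q -e "-----BEGIN $2-----" "$1" 2>/dev/null; }

# build_ca_bundle OUT CERT... : concatenate CA certs (public data) into OUT.
build_ca_bundle() {
    out=$1; shift
    for f in "$@"; do
        has_pem "$f" 'CERTIFICATE' || { echo "$f: no PEM certificate" >&2; return 1; }
    done
    cat "$@" > "$out"
}

# build_server_pem KEY CERT OUT : key + certificate in one file.
# OUT holds the private key, so it is created readable by its owner only.
build_server_pem() {
    key=$1; crt=$2; out=$3
    has_pem "$key" '.*PRIVATE KEY' || { echo "$key: no private key" >&2; return 1; }
    has_pem "$crt" 'CERTIFICATE'   || { echo "$crt: no PEM certificate" >&2; return 1; }
    rm -f "$out"                      # drop any old copy with looser permissions
    ( umask 077 && cat "$key" "$crt" > "$out" )
}

# key_matches_cert KEY CERT : succeed only if CERT carries KEY's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run against the page's files when they are present in the current directory.
if [ -f example_privatekey.pem ] && [ -f example_crt.pem ] &&
   [ -f root.crt ] && [ -f class3.crt ]; then
    key_matches_cert example_privatekey.pem example_crt.pem ||
        { echo "key/cert mismatch" >&2; exit 1; }
    build_ca_bundle ca.crt root.crt class3.crt
    openssl verify -CAfile ca.crt example_crt.pem || exit 1
    build_server_pem example_privatekey.pem example_crt.pem example_server.pem
fi
```
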
Generated using nanoc and bootstrap - Last content change: 2011-06-10 07:41