As you probably know by now, I have my certificates issued by CAcert – they issue free certificates (after they have ensured you own the domain), and support many nice features like wildcard domains and SubjectAltNames, so you need only one certificate for many domain names.
They have some nice scripts to help you generate the CSR (Certificate Signing Request):
Now I assume you have the following files:
- example_privatekey.pem – the private key
- example_csr.pem – the CSR you uploaded to CAcert.org; your software doesn’t need it.
- example_crt.pem – the certificate you got
- root.crt and class3.crt from http://www.cacert.org/index.php?id=3 (PEM Format)
Now, different software wants those files in different combinations.
- Intermediate Certificates: these are all certificates except your custom one. In this case root.crt and class3.crt, so just do:
  cat root.crt class3.crt > ca.crt
  and use ca.crt for this (in lighttpd this is the ssl.ca-file); you can of course reuse that file for other certificates from CAcert.
- Private key: you already have that file
- Certificate: example_crt.pem
- Key and certificate in one file:
  cat example_privatekey.pem example_crt.pem > example_server.pem
  and use example_server.pem for this (in lighttpd this is the ssl.pemfile)
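
The two cat commands above, as an added example that is not part of the original post: it builds the same files but refuses a private key in ca.crt, catches PEM markers fused by a missing final newline, creates the combined file readable by its owner only, and checks that the key belongs to the certificate. The function names and the script name build_pem.sh are hypothetical, and the openssl command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the original post. Builds ca.crt and the combined
# key+certificate file, checking the PEM blocks and permissions on the way.
KEY_RE='[A-Z ]*PRIVATE KEY'   # matches PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ...

# pem_count FILE LABEL_REGEX: number of PEM blocks whose BEGIN marker starts a line
pem_count() { grep -c -- "^-----BEGIN $2-----" "$1" || true; }

# make_ca_bundle OUT CERT...: the post's "cat root.crt class3.crt > ca.crt"
make_ca_bundle() {
    out=$1; shift; want=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
        # ca.crt is not secret, so a private key must never end up in it
        [ "$(pem_count "$f" "$KEY_RE")" -eq 0 ] || { echo "$f: contains a private key" >&2; return 1; }
        want=$((want + $(pem_count "$f" CERTIFICATE)))
    done
    cat "$@" > "$out"
    # an input without a final newline fuses END/BEGIN markers onto one line
    [ "$want" -ge 1 ] && [ "$(pem_count "$out" CERTIFICATE)" -eq "$want" ] || { rm -f "$out"; return 1; }
}

# make_server_pem KEY CERT OUT: key and certificate in one owner-only file
make_server_pem() {
    [ "$(pem_count "$1" "$KEY_RE")" -eq 1 ] || { echo "$1: expected one private key" >&2; return 1; }
    [ "$(pem_count "$2" CERTIFICATE)" -ge 1 ] || { echo "$2: no certificate" >&2; return 1; }
    tmp="$3.tmp.$$"
    # umask in a subshell: the file is created 0600 and is never world-readable
    ( umask 077; cat "$1" "$2" > "$tmp" ) || return 1
    if [ "$(pem_count "$tmp" CERTIFICATE)" -eq "$(pem_count "$2" CERTIFICATE)" ]; then
        mv -f "$tmp" "$3"   # also replaces an older copy with wider permissions
    else
        rm -f "$tmp"; echo "$1: no final newline, PEM markers fused" >&2; return 1
    fi
}

# key_matches_cert KEY CERT: true if the certificate was issued for this key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    [ "$k" = "$c" ]
}

# Usage: sh build_pem.sh example_privatekey.pem example_crt.pem root.crt class3.crt
if [ "$#" -eq 4 ]; then
    make_ca_bundle ca.crt "$3" "$4" && key_matches_cert "$1" "$2" &&
        openssl verify -CAfile ca.crt "$2" && make_server_pem "$1" "$2" example_server.pem
fi
```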