How to create a certificate chain

To create a certificate chain, it is enough to place the contents of the intermediate and root certificates consecutively into one file with the .ca-bundle extension.

For example, a certification authority has provided the following files:

• domain.crt — domain certificate.
• intermediate_crt3.crt — intermediate certificate 3.
• intermediate_crt2.crt — intermediate certificate 2.
• intermediate_crt1.crt — intermediate certificate 1.

• ca_root.crt — root certificate.

  Do not use a domain certificate to create a certificate chain.

To create a certificate cycle:

1. Open the files in a text editor.
2. Create a new file with the .ca-bundle extension.
3. Copy the contents of each file in the following sequence to the newly created file:
   • intermediate certificate 3.
   • intermediate certificate 2.
   • intermediate certificate 1.
   • root certificate.
4. Save the changes.
5. Upload the certificate chain to ispmanager.

To verify that the trust chain is formed correctly, connect to the server via SSH and run the command:

openssl s_client -connect YOUR_DOMAIN:443 -servername YOUR_DOMAIN

If the trust chain is configured correctly, the output will read Verify return code: 0 (ok).