Welcome to Centmin Mod Community
Register Now

SSL Compiled list of SSL certificate file name bundles

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Aug 12, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    53,149
    12,110
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,645
    Local Time:
    1:04 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Starting a thread listing to document all the different SSL certificate types' respective file names that come with their provided bundles - those files SSL providers email to you after you have ordered a SSL certificate.

    So if you use SSL certificate, you can contribute to this thread and provide the filenames you are provided.

    Why Compile A List ?



    Why I want this info ? I might be working on an automated way of creating the Nginx concatenated SSL .crt files via centmin.sh menu option 2, nv command line option and SPDY SSL setup. Specifically the ssl-unified.crt and ssl-trusted.crt file creation.


    I'll start with my SSL certificates and the provider emailed filenames.

    GGSSL/Comodo SSL Wildcard Certificate - RSA 2048bit



    GGSSL/Comodo Wildcard SSL certificate for centminmod.com was created with the normal RSA 2048 bit key algorithm and sha256 signature algorithm and the SSL provider's provided file bundle had the following files.
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    • Your GGSSL Wildcard SSL - STAR_centminmod_com.crt
    So for the Centmin Mod Nginx SPDY SSL configuration the files needed were

    with root CA
    Code:
    cat STAR_centminmod_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > centminmod.com-unified.crt
    
    cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > centminmod.com-trusted.crt
    
    or

    without root CA
    Code:
    cat STAR_centminmod_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > centminmod.com-unified.crt
    
    cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > centminmod.com-trusted.crt
    

    ECC 256bit SSL Wildcard Certificate (GGSSL/Comodo)



    My sslspdy.com uses GGSSL/Comodo Wildcard ECC 256bit SSL certificated and was provided the following files.
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODOECCAddTrustCA.crt
    • Intermediate CA Certificate - COMODOECCDomainValidationSecureServerCA.crt
    • Your SSL Certificate - sslspdy_com.crt
    So for the Centmin Mod Nginx SPDY SSL configuration the files needed were

    with root CA
    Code:
    cat sslspdy_com.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt AddTrustExternalCARoot.crt > sslspdy.com-unified.crt
    
    cat COMODOECCAddTrustCA.crt COMODOECCDomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > sslspdy.com-trusted.crt
    
    without root CA
    Code:
    cat sslspdy_com.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt > sslspdy.com-unified.crt
    
    cat COMODOECCAddTrustCA.crt COMODOECCDomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > sslspdy.com-trusted.crt
    
     
    Last edited: Sep 7, 2015
  2. eva2000

    eva2000 Administrator Staff Member

    53,149
    12,110
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,645
    Local Time:
    1:04 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    So folks please share what filenames your SSL certificate bundle provided you. Make sure to mention the SSL certificate brand/type you purchased.

    @Matt @RoldanLT @pamamolf ;)
     
  3. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    6:04 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Free Comodo ssl certificate just to test from gogetssl and was working great :)

    Code:
    AddTrustExternalCARoot.crt
    COMODORSAAddTrustCA.crt
    COMODORSADomainValidationSecureServerCA.crt
    mydomain_com.crt   
    ssl-unified.crt <--- And i create this
    
     
    Last edited: Aug 12, 2015
  4. eva2000

    eva2000 Administrator Staff Member

    53,149
    12,110
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,645
    Local Time:
    1:04 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    ssl-unified.crt - they included that in the bundled they emailed you ? or you created that file ?
     
  5. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    6:04 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Ops sorry yes i create it :)

    Above post edited :)
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,149
    12,110
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,645
    Local Time:
    1:04 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I see.. thought SSL providers were getting smarter and doing it for us :D
     
  7. rdan

    rdan Well-Known Member

    5,439
    1,397
    113
    May 25, 2014
    Ratings:
    +2,186
    Local Time:
    11:04 PM
    Mainline
    10.2
    COMODO RSA Domain Validation Secure Server CA
     
  8. Matt Williams

    Matt Williams WordPress Fanatic

    537
    104
    43
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +157
    Local Time:
    11:04 AM
    latest
    10
    These are always the same for me when using a nginx SSL. Sometimes, I get customers that come from cPanel and I use their existing SSL generated through cPanel because they don't want to buy another one. That's why im excited about Letsecrypt!
     
  9. cloud9

    cloud9 Premium Member Premium Member

    431
    117
    43
    Oct 6, 2015
    England
    Ratings:
    +217
    Local Time:
    4:04 PM
    1.25.3
    10.6.x
    COMODO PositiveSSL (from NameCheap)

    Generated csr and key files

    mydomain.co.uk.csr and mydomain.co.uk.key

    Filled in the details at name cheap and got the following email from commodo (after uploading a text file to the root domain)

    mydomain_co_uk.zip

    Containing

    mydomain_co_uk.ca-bundle
    mydomain_co_uk.crt

    used the concat command and generated the ssl files

    Only thing is nginx failed to start - file not found error so renamed my mydomain_co_uk.crt to mydoman.co.uk.crt

    Nginx now starts and ssl all good (not sure if the last bits relevant but seems the _ needed changing to .'s)
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,149
    12,110
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,645
    Local Time:
    1:04 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    cheers thanks for sharing :)
     
  11. nqservices

    nqservices Member

    70
    14
    8
    Jun 17, 2016
    Ratings:
    +28
    Local Time:
    4:04 PM
    Hi,

    Strange.. In my case im also using a Comodo Positive SSL from Namecheap and i received the 2 following files:

    app_mydomain_com.ca-bundle
    app_mydomain_com.crt

    I follow the steps described at: Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS and i did not had the need to change the .crt file character "_" to ".".

    My SSL Certificate seems to be working propely.

    Im running CentminMOD V1.2.3-Eva2000.08 with CentOS 7 64bit on a OpenVZ VPS server.

    I guess it works both ways (did not test changing _ to . so i can't tell if it will work on my server in i had changed the _ to .)
     
  12. eva2000

    eva2000 Administrator Staff Member

    53,149
    12,110
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,645
    Local Time:
    1:04 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    the file names for original provided files from ssl provider don't matter just make sure concat those filenames and should be fine
     
  13. deltahf

    deltahf Premium Member Premium Member

    581
    264
    63
    Jun 8, 2014
    Ratings:
    +482
    Local Time:
    11:04 AM
    Looks like I'm the only one not using Comodo here, so maybe this will be useful. :D

    RapidSSL Standard purchased via GoGetSSL:
    Code (Text):
    www_mydomain_com.crt
    www_mydomain_com.ca-bundle