Discover Centmin Mod today
Register Now

SSL Compiled list of SSL certificate file name bundles

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Aug 12, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    10:41 AM
    Nginx 1.13.x
    MariaDB 5.5
    Starting a thread listing to document all the different SSL certificate types' respective file names that come with their provided bundles - those files SSL providers email to you after you have ordered a SSL certificate.

    So if you use SSL certificate, you can contribute to this thread and provide the filenames you are provided.

    Why Compile A List ?



    Why I want this info ? I might be working on an automated way of creating the Nginx concatenated SSL .crt files via centmin.sh menu option 2, nv command line option and SPDY SSL setup. Specifically the ssl-unified.crt and ssl-trusted.crt file creation.

    I'll start with my SSL certificates and the provider emailed filenames.

    GGSSL/Comodo SSL Wildcard Certificate - RSA 2048bit



    GGSSL/Comodo Wildcard SSL certificate for centminmod.com was created with the normal RSA 2048 bit key algorithm and sha256 signature algorithm and the SSL provider's provided file bundle had the following files.
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODORSAAddTrustCA.crt
    • Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
    • Your GGSSL Wildcard SSL - STAR_centminmod_com.crt
    So for the Centmin Mod Nginx SPDY SSL configuration the files needed were

    with root CA
    Code:
    cat STAR_centminmod_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > centminmod.com-unified.crt
    
    cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > centminmod.com-trusted.crt
    
    or

    without root CA
    Code:
    cat STAR_centminmod_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > centminmod.com-unified.crt
    
    cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > centminmod.com-trusted.crt
    

    ECC 256bit SSL Wildcard Certificate (GGSSL/Comodo)



    My sslspdy.com uses GGSSL/Comodo Wildcard ECC 256bit SSL certificated and was provided the following files.
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODOECCAddTrustCA.crt
    • Intermediate CA Certificate - COMODOECCDomainValidationSecureServerCA.crt
    • Your SSL Certificate - sslspdy_com.crt
    So for the Centmin Mod Nginx SPDY SSL configuration the files needed were

    with root CA
    Code:
    cat sslspdy_com.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt AddTrustExternalCARoot.crt > sslspdy.com-unified.crt
    
    cat COMODOECCAddTrustCA.crt COMODOECCDomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > sslspdy.com-trusted.crt
    
    without root CA
    Code:
    cat sslspdy_com.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt > sslspdy.com-unified.crt
    
    cat COMODOECCAddTrustCA.crt COMODOECCDomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > sslspdy.com-trusted.crt
    

     
    Last edited: Sep 7, 2015
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    10:41 AM
    Nginx 1.13.x
    MariaDB 5.5
    So folks please share what filenames your SSL certificate bundle provided you. Make sure to mention the SSL certificate brand/type you purchased.

    @Matt @RoldanLT @pamamolf ;)
     
  3. pamamolf

    pamamolf Well-Known Member

    2,670
    240
    63
    May 31, 2014
    Ratings:
    +425
    Local Time:
    3:41 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Free Comodo ssl certificate just to test from gogetssl and was working great :)

    Code:
    AddTrustExternalCARoot.crt
    COMODORSAAddTrustCA.crt
    COMODORSADomainValidationSecureServerCA.crt
    mydomain_com.crt   
    ssl-unified.crt <--- And i create this
    
     
    Last edited: Aug 12, 2015
    • Like Like x 1
  4. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    10:41 AM
    Nginx 1.13.x
    MariaDB 5.5
    ssl-unified.crt - they included that in the bundled they emailed you ? or you created that file ?
     
  5. pamamolf

    pamamolf Well-Known Member

    2,670
    240
    63
    May 31, 2014
    Ratings:
    +425
    Local Time:
    3:41 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Ops sorry yes i create it :)

    Above post edited :)
     
  6. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    10:41 AM
    Nginx 1.13.x
    MariaDB 5.5
    I see.. thought SSL providers were getting smarter and doing it for us :D
     
    • Informative Informative x 1
  7. RoldanLT

    RoldanLT Well-Known Member

    3,875
    946
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,290
    Local Time:
    8:41 AM
    1.11
    10.2
    COMODO RSA Domain Validation Secure Server CA
     
    • Like Like x 1
  8. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    8:41 PM
    latest
    10
    These are always the same for me when using a nginx SSL. Sometimes, I get customers that come from cPanel and I use their existing SSL generated through cPanel because they don't want to buy another one. That's why im excited about Letsecrypt!
     
    • Like Like x 1
  9. cloud9

    cloud9 Premium Member Premium Member

    140
    54
    28
    Oct 6, 2015
    England
    Ratings:
    +75
    Local Time:
    1:41 AM
    1.11.x
    10.x
    COMODO PositiveSSL (from NameCheap)

    Generated csr and key files

    mydomain.co.uk.csr and mydomain.co.uk.key

    Filled in the details at name cheap and got the following email from commodo (after uploading a text file to the root domain)

    mydomain_co_uk.zip

    Containing

    mydomain_co_uk.ca-bundle
    mydomain_co_uk.crt

    used the concat command and generated the ssl files

    Only thing is nginx failed to start - file not found error so renamed my mydomain_co_uk.crt to mydoman.co.uk.crt

    Nginx now starts and ssl all good (not sure if the last bits relevant but seems the _ needed changing to .'s)
     
    • Like Like x 1
  10. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    10:41 AM
    Nginx 1.13.x
    MariaDB 5.5
    cheers thanks for sharing :)
     
  11. nqservices

    nqservices Member

    65
    13
    8
    Jun 17, 2016
    Ratings:
    +27
    Local Time:
    1:41 AM
    1.11.1
    MariaDB 10
    Hi,

    Strange.. In my case im also using a Comodo Positive SSL from Namecheap and i received the 2 following files:

    app_mydomain_com.ca-bundle
    app_mydomain_com.crt

    I follow the steps described at: Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS and i did not had the need to change the .crt file character "_" to ".".

    My SSL Certificate seems to be working propely.

    Im running CentminMOD V1.2.3-Eva2000.08 with CentOS 7 64bit on a OpenVZ VPS server.

    I guess it works both ways (did not test changing _ to . so i can't tell if it will work on my server in i had changed the _ to .)
     
    • Informative Informative x 1
  12. eva2000

    eva2000 Administrator Staff Member

    29,719
    6,711
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,015
    Local Time:
    10:41 AM
    Nginx 1.13.x
    MariaDB 5.5
    the file names for original provided files from ssl provider don't matter just make sure concat those filenames and should be fine
     
  13. deltahf

    deltahf Active Member

    207
    101
    43
    Jun 8, 2014
    Ratings:
    +154
    Local Time:
    8:41 PM
    Looks like I'm the only one not using Comodo here, so maybe this will be useful. :D

    RapidSSL Standard purchased via GoGetSSL:
    Code (Text):
    www_mydomain_com.crt
    www_mydomain_com.ca-bundle
    
     
    • Like Like x 1