3

I'm in need of a clarification about SSL certificates. I have the general picture, but I'm not quite sure about all the moving parts.

The specific issue I'm dealing with is about an Active Directory server certificate and an appliance that needs to establish a connection over LDAP.

The appliance requires an input to configure the above that contains both the server certificate and the CA certificate. Is that called a certificate bundle or a certificate chain? Are those two different things or are they synonymous?

By the way, I'm not the person configuring the appliance, hence I can't be more specific about the input it requires. During the configuration I was asked to provide "whatever is between the BEGIN and END CERTIFICATE", which I can see via OpenSSL.

I'm assuming it would be possible to provide a single file containing both strings, but I'm not quite sure about that.

Peter Mortensen
Daniel

1 Answer

2

Normally a certificate bundle refers to a bundle of Certificate Authority certificates, like this one, https://curl.se/ca/cacert.pem, included with cURL.

A certificate chain usually means a server certificate and its intermediary certificate chain, all included in the same file or not, depending on what options your software offers to configure this.

For example, the Apache HTTP server can be configured with different files for the server certificate and certificate chain.

A certificate chain can sometimes include the matching private key for the leaf certificate too.

If your appliance only needs to verify the SSL certificate of your AD/LDAP server, you only need to provide the CA cert, and if your AD/LDAP cert is self-signed, then the server certificate itself, without the private key.

Peter Mortensen
Alex Duzsardi
  • As a side note, if you have multiple Active Directory servers, keep in mind that the AD domain is not included as a SAN (subject alternative name) in the server certificates by default ... at least that's how I remember it. – Alex Duzsardi May 07 '21 at 10:10
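To make the "CA cert plus server cert in one file" idea concrete, here is an added example (not code from the question, the answer or any appliance vendor). It builds a throwaway root CA and a server certificate for a hypothetical domain controller, dc01.example.test, concatenates them into one PEM file, and then checks what a verifying party sees: the certificate count in the file, whether the leaf validates against the right CA versus an unrelated one, and whether the SAN covers the AD domain that the comment above mentions. It assumes only the openssl CLI.

```shell
#!/bin/sh
# Added example, not code from the original question or answer: build a
# throwaway CA and a server certificate for a hypothetical domain controller
# (dc01.example.test), combine them into one PEM file of the kind an appliance
# asking for "server cert + CA cert" accepts, and check what verification sees.
set -eu
WORK="$(mktemp -d)"
make_test_pki() {
    # Self-signed root CA (constructed for this demo only)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    # Server key and CSR for the hypothetical DC; the SAN lists host and AD domain
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc01.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    printf 'subjectAltName=DNS:dc01.example.test,DNS:example.test\n' > "$WORK/san.cnf"
    openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -extfile "$WORK/san.cnf" -out "$WORK/server.pem" 2>/dev/null
    # An unrelated CA, to show what the wrong trust anchor looks like
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
        -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
}

# Chain file: leaf first, then its issuer. The private key never goes in here.
build_chain_file() {
    cat "$WORK/server.pem" "$WORK/ca.pem" > "$WORK/chain.pem"
    echo "$WORK/chain.pem"
}

# Number of BEGIN CERTIFICATE blocks in a PEM file
count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# "valid" if the server cert chains to the CA file given, else "invalid"
verify_leaf() {
    if openssl verify -CAfile "$1" "$WORK/server.pem" >/dev/null 2>&1; then
        echo valid; else echo invalid; fi
}

# "yes" if the server cert's SAN lists the name (the point raised in the comment)
san_has_name() {
    if openssl x509 -in "$WORK/server.pem" -noout -text | grep -q "DNS:$1"; then
        echo yes; else echo no; fi
}

make_test_pki
CHAIN="$(build_chain_file)"
echo "certs in chain file: $(count_certs "$CHAIN")"          # 2
echo "against the right CA: $(verify_leaf "$WORK/ca.pem")"   # valid
echo "against another CA: $(verify_leaf "$WORK/other.pem")"  # invalid
echo "SAN covers example.test: $(san_has_name example.test)" # yes
```

The "against another CA" case is the one to keep in mind when the appliance rejects the connection: a combined file is fine, but the CA block in it has to be the one that actually issued the LDAP server's certificate.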