8

I've just generated an SSL certificate with GoDaddy and I've downloaded the files:

mydomain.com.crt gd_bundle.crt

I'm now going to combine them, but it is not clear what the 2nd certificate is.

Thanks

aneuryzm

1 Answer

9

It's several certificates grouped together, that all need to be installed to make sure the one you're trying to use is fully trusted.

Rob Moir
  • 8
    Yes. To expand on this: your browser contains a few dozen self-signed CA certificates that it trusts. However, not all CAs use these certificates directly. Instead, they delegate their authority to an intermediate CA. That way, they don't have to use the root certificate on a daily basis, which reduces the chance of it getting compromised. If the intermediate CA gets compromised, or they just want to do a routine rotation, it's less of a big deal, because they can just revoke and issue a new one themselves without having to coordinate with browser vendors. – dfranke Nov 11 '10 at 18:54
  • 7
    However, since browsers don't already know about the intermediate CA, you need to send it to them along with your own site certificate. That's why you need gd_bundle.crt. – dfranke Nov 11 '10 at 18:55
  • 1
    Correcting @dfranke: your browser *or OS* contains a few dozen *root* certificates. These are *not* self signed certificates. The rest of dfranke's answer is correct: root certificates aren't used to sign regular certs, only to create intermediaries, which are used to sign certs. – mikemaccana Jan 30 '18 at 10:51
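
The chain described in the comments above, as an added example that is not part of the original answer or comments: a throwaway root, intermediate and site certificate are generated with `openssl`, and the site certificate is verified with and without the intermediate. The CA names, `demo.cnf` and the function names are assumptions made for the demo, and the generated `gd_bundle.crt` is a one-certificate stand-in for GoDaddy's real bundle.

```bash
#!/usr/bin/env bash
# Constructed demo PKI (root -> intermediate -> site). Every name, key and
# file is generated here for illustration; nothing is GoDaddy's real data.
make_demo_pki() {  # $1 = working directory
  local d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA certificate: the trust anchor the client already has.
  openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  # Intermediate CA: signed by the root; stands in for gd_bundle.crt.
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/demo.cnf" -extensions v3_ca \
    -out "$d/gd_bundle.crt" 2>/dev/null
  # Site certificate: signed by the intermediate, not by the root.
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=mydomain.com" -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null
  openssl x509 -req -in "$d/site.csr" -CA "$d/gd_bundle.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -out "$d/mydomain.com.crt" 2>/dev/null
}

# What a client sees when the server sends only the site certificate.
verify_without_bundle() {
  openssl verify -CAfile "$1/root.crt" "$1/mydomain.com.crt" >/dev/null 2>&1
}

# What a client sees when the server also sends the intermediate bundle.
verify_with_bundle() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/gd_bundle.crt" \
    "$1/mydomain.com.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
# Combined file for the server: site certificate first, then the bundle.
cat "$demo_dir/mydomain.com.crt" "$demo_dir/gd_bundle.crt" > "$demo_dir/combined.crt"
verify_without_bundle "$demo_dir" && echo "no bundle: trusted" || echo "no bundle: NOT trusted"
verify_with_bundle "$demo_dir" && echo "with bundle: trusted" || echo "with bundle: NOT trusted"
```

Against real files, the same check is `openssl verify -untrusted gd_bundle.crt mydomain.com.crt`, which relies on the system trust store for the root.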