-1

I have a SSL-certificate Comodo PositiveSSL.

There are files:

AddTrustExternalCARoot.crt
COMODORSAAddTrustCA.crt
COMODORSADomainValidationSecureServerCA.crt
domain.com.key
domain_com.crt

Requirements vendor:

The certificate, private key, and certificate chain must be PEM-encoded
/ssl/test1.bx.key.pem
/ssl/test1.bx.cert.pem
/ssl/test1.bx.ca-chain.cert.pyem

Do I create PEM files correctly?

cat COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > domain.com.ca-chain.cert.pem
cat domain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > domain.com.cert.pem
cat domain.com.key domain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > domain.com.key.pem
KimAl
  • 1
  • 1

2 Answers2

0

Do I create PEM files correctly?

No. The key file should not be the result of concatenated files. I don't know your vendor, but I believe domain.com.key = /ssl/test1.bx.key.pem

What I suppose to be expected from your vendor, but I can't be sure of course

/ssl/test1.bx.cert.pem = domain_com.crt

/ssl/test1.bx.ca-chain.cert.pyem = AddTrustExternalCARoot.crt + COMODORSAAddTrustCA.crt + COMODORSADomainValidationSecureServerCA.crt
Eugène Adell
  • 3,089
  • 2
  • 18
  • 34
0

To setup certificates in bitrix env you need to do next:

  1. Concatenate the CAbundle and the certificate file which we sent you using next:

1.1. To concatenate the certificate files into single bundle file, first open domainname.crt and domainname.ca-bundle files using any text editor.

1.2 Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.

1.3 Now save the file name as ‘ssl-bundle.crt’.

  1. Store the bundle and private key in the appropriate nginx ssl folder /etc/nginx/ssl/example_com/

  2. Add this lines to your nginx config:

    ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/domainname.key;
ssl_prefer_server_ciphers on;

  3. Restart nginx running command systemctl restart nginx.service.

Take a look into Comodo Knowledgebase about certificate installation on nginx. They described step-by-step how to install certificates on different web-servers.

Nikolaj Sarry
  • 245
  • 7
  • 18