CSS: How to chain SSL certificates outside of CSS before install?

Answered Question
Jul 14th, 2010

Could some one advise on how to chain the certs files outside and before installing to CSS, please.


How to check if the cert files I received are in PEM format?

What program (widows) I use to chain the certificates.

What is the order in which the chaining is done.

Currently all I have is two cert files

xxtrustL1c.crt.txt
xxxx.xxxxxx.net.pfx.txt

and
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00801de89b.shtml

Step by step guidence please.

Sri

I have this problem too.
0 votes
Correct Answer by Gilles Dufour about 6 years 4 months ago

Any text file application would work.

You need to just copy-paste the info correctly and save it as a text file.

Gilles.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Sean Merrow Fri, 07/16/2010 - 11:22

In order to use the chained certificates on the CSS, the server certificate and intermediate must be concatenated together. This allows the CSS to return the entire certificate chain to the client upon the initial SSL handshake. When the chained certificate file is created for the CSS, make sure the certificates are in the proper order. The server certificate must be first, then the intermediate certificate is used to sign the server certificate must be next. The power entry modules (PEM) format is not very strict, and the empty lines between keys or certificates do not matter.

The entire contents of the mychainedrsacert.pem file are shown here with the server cert on the top, followed by the intermediate CA cert. If you need to add the root cert, it would go to the bottom.

-----BEGIN CERTIFICATE -----
BxMKQm94Ym9yb3VnaDEcMBoGA1UEChMTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAG
Binary data of your server certificate
BxMKQm94Ym9yb3VnaDEcMBoGA1UEChMTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAG
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy
aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx
BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg
MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g
TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx
veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O
OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB
4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw
KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV
HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI
ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk
oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB
BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv
1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw
E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa
-----END CERTIFICATE-----

Then you can re-import your new concatenated certificate file.

Hope this helps,

Sean

SSS999888 Mon, 07/19/2010 - 01:37

Thank you Sean.

This helps. But my main question is what application (notepad, wordpad, etc..) to use and how to save the chained file.

I tried this on notepad and word pad and having some issues, probably with paste format and save format.

SS

Correct Answer
Gilles Dufour Mon, 07/19/2010 - 06:44

Any text file application would work.

You need to just copy-paste the info correctly and save it as a text file.

Gilles.

Actions

This Discussion