Certificate chain error fix on Linux

When checking your certificate on a site like the one from DigiCert, I’m often confronted with the following error:

Certificate chain issue

This means that your certificate doesn’t contain the full certification path (and that some parts can’t even be found in the default trusted authority store). To fix this error on a Linux PC, navigate to the directory where you saved your .crt file and make sure the other .crt files that make up the chain are present there as well.

Next we are going to make one file with all the necessary information in it.

cat certificate.crt > certificate.chained.crt
cat chain01.crt >> certificate.chained.crt
cat chain02.crt >> certificate.chained.crt

The “>>” appends the output to the file on the right. Repeat the last command for every remaining chain file. You should end up with one .crt file that contains the complete chain. Use this certificate in your configuration.

For instance on nginx:

ssl_certificate         /etc/ssl/certificate.chained.crt;
service nginx reload

Run the test again and this should be the result:

Certificate chain fixed
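
A local check of the concatenated file that can be run before reloading nginx, as an added example that is not part of the original post. The function name check_chain is hypothetical, the file names are the ones used above, and openssl is assumed to be installed.

```sh
# check_chain FILE: return 0 if the PEM bundle is ordered leaf first, with
# each certificate's issuer equal to the subject of the certificate after it.
# This compares names only; it does not verify signatures. Requires openssl.
check_chain() {
    bundle=$1
    # cat glues the markers together when a .crt lacks a trailing newline.
    if grep -q 'END CERTIFICATE-----.*BEGIN CERTIFICATE' "$bundle"; then
        echo "FAIL: missing newline between two certificates" >&2
        return 1
    fi
    tmp=$(mktemp -d) || return 1
    # Split the bundle into cert1.pem, cert2.pem, ... in file order.
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert" n ".pem") }
    ' "$bundle"
    rc=0
    [ -f "$tmp/cert1.pem" ] || { echo "FAIL: no certificate found" >&2; rc=1; }
    i=1
    while [ -f "$tmp/cert$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer |
                 sed 's/^issuer= *//')
        subject=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject |
                  sed 's/^subject= *//')
        if [ "$issuer" != "$subject" ]; then
            echo "FAIL: cert $i issuer '$issuer' != cert $((i + 1)) subject '$subject'" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $rc
}

# Usage with the file names from this post:
#   check_chain certificate.chained.crt && service nginx reload
```

A failure here usually means the files were concatenated in the wrong order or one of them did not end with a newline.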
