Due to the limitations on select browsers and mobile devices, Certificate Authorities often do not have their Intermediate Certificates deployed for various reasons such as size limitations. Without these Intermediate Certificates being either installed on their device(s) or exchanged with the end-user via the SSL Handshake, the connection on such devices can be deemed “Untrusted”.
To combat such issues as highlighted above, webmasters are encouraged to install the Intermediate Certificates provided by the Certificate Authority during the SSL Installation process on the servers they wish to have connections handled. Seems simple, right?
In some cases, the Certificate Authority will provide multiple intermediate certificates, but the server might only have the ability to support one Intermediate Certificate file. To combat this, the webmaster would need to combine the Intermediates provided into one single “.CRT” often referred to as the “CABundle”.
The Certificate Authority usually provides their own "CABundle" file containing all of the intermediate certificates you need, but you can create your own bundle file by combining the individual intermediate certificates in a text editor like Notepad.
What You’ll Need
1. Your certificate files
Depending upon the Certificate Authority the Intermediates delivered can be different than what is showcased below, but the application should be similar if not the same if you have purchased from Sectigo (formerly Comodo).
Within the “.zip” download provided by the Certificate Authority, you will find a list of all the files necessary to install the SSL Certificate minus the Private Key. In this instance you will find we have:
- domain_com.crt (your domain certificate)
- SectigoRSADomainValidationSecureServerCA.crt (Intermediate)
- USERTrustRSAAddTrustCA.crt (Intermediate)
- AddTrustExternalCARoot.crt (Root)
For this step, you will be copying and pasting the certificate plain text codes into a single Notepad file in a specific order. Please note that for many server types you will only need to combine the intermediate certificates, but other servers may require all 4 files combined into one.
If you need to include your domain certificate in this file, make sure it is the first certificate listed in the Notepad file. If you are not including the domain certificate, start with the first Intermediate instead.
1. Open the 1st Intermediate File
Right click the SectigoRSADomainValidationSecureServerCA.crt and select to open this certificate with a Word Processor application (i.e. Notepad / Text Editor) so that your editor appears similar to the screenshot below.
At the end of the document, after "-----END CERTIFICATE-----" insert a line break by pressing “Enter.”
2. Open the 2nd Intermediate File and Copy/Paste
Open the USERTrustRSAAddTrustCA.crt in a manner similar to above. Once opened, copy all the contents and paste all the contents to the end of the 1st Intermediate so it appears as captured below.
3. Repeat the process one more time for the AddTrustExternalCARoot.crt file.
You should now have all 3 certificates open in a single notepad file, one after the other.
4. Save as One File
If everything appears similar to the above example, proceed to save this file with a name that is easily identifiable such as "domain_CAbundle.crt" so you can find this with ease during the installation process.
After completing the above, your team should have everything needed to perform the installation of the SSL Certificate purchased.