I've just finished reading over this great thread explaining the different SSL formats.
Now I'm essentially looking for the opposite of "How to split a PEM file".
There are 4 files I want to consolidate, originally created for Apache; I'm looking at the files specified by:
- SSLCertificateFile
- SSLCertificateKeyFile
- SSLCertificateChainFile
- SSLCACertificateFile
What I'm mostly curious about is the order of the files in the consolidated derivative: is that important? E.g., if I were to just cat them together in the order they appear above into a .pem, would it be valid, or should they be ordered a specific way?
FYI, I'm doing this for the sake of using these certs as a combined single .pem in SimpleSAMLphp.
Best Answer
The order does matter, according to RFC 4346.
Here is a quote directly taken from the RFC:
Based on this information, the server certificate should come first, followed by any intermediate certs, and finally the root trusted authority certificate (if self-signed). I could not find any information on the private key, but I think that should not matter because a private key in pem is easy to identify as it starts and ends with the text below, which has the keyword PRIVATE in it.
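The ordering described in the answer, as an added example that is not part of the original question or answer: it splits each input on PEM block boundaries rather than using a plain cat, so a file with no trailing newline cannot fuse an END line with the next BEGIN line. The function names, the placement of the key last, and the reading of the chain file as intermediates and the CA file as the root are assumptions; the sample blocks are constructed placeholders, not real certificates or keys.

```python
import re

# One PEM block; also splits "-----END X----------BEGIN X-----", which is what
# a plain `cat` produces when a file has no trailing newline.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, block)] with every block re-emitted on clean lines."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text.replace("\r\n", "\n")):
        # Keep the body as-is (legacy encrypted keys carry header lines in it).
        blocks.append((label, f"-----BEGIN {label}-----\n{body.strip()}\n-----END {label}-----\n"))
    return blocks

def build_bundle(cert, key, chain="", ca=""):
    """Leaf first, then intermediates, then root; key last (an assumption)."""
    leaf = [b for label, b in pem_blocks(cert) if label == "CERTIFICATE"]
    # Matches PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
    keys = [b for label, b in pem_blocks(key) if label.endswith("PRIVATE KEY")]
    if len(leaf) != 1 or len(keys) != 1:
        raise ValueError("expected exactly one certificate and one private key")
    rest = []
    for source in (chain, ca):
        for label, block in pem_blocks(source):
            # Skip duplicates, e.g. a root present in both chain and CA files.
            if label == "CERTIFICATE" and block not in leaf + rest:
                rest.append(block)
    return "".join(leaf + rest + keys)

def fake_pem(label, payload):
    """Constructed placeholder block, deliberately without a trailing newline."""
    return f"-----BEGIN {label}-----\n{payload}\n-----END {label}-----"

if __name__ == "__main__":
    print(build_bundle(fake_pem("CERTIFICATE", "TEVBRg=="),    # stands in for SSLCertificateFile
                       fake_pem("PRIVATE KEY", "S0VZ"),        # SSLCertificateKeyFile
                       fake_pem("CERTIFICATE", "SU5URVI="),    # SSLCertificateChainFile
                       fake_pem("CERTIFICATE", "Uk9PVA==")))   # SSLCACertificateFile
```

The combined file contains the private key, so it needs the same restrictive file permissions as the original key file.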