How to use chain.p7b with Apache

apache-2.2ssl-certificate

I wanted to setup a SSL website on Apache and applied for a certificate from my local ISP. All they sent me was a single file named chain.p7b.

I have always used certificates from other vendors without any issues but they usually provide two files to be configured as SSLCertificateFile and SSLCertificateChainFile in Apache.

Following instructions from several online resources, I opened the p7b file in Windows and extracted 4 certificates from the file. I then tried configuring Apache with one of the files and it worked, but shows a warning: The certificate is not trusted because no issuer chain was provided.

I though I have to use remaining 3 files as SSLCertificateChainFile and/or SSLCACertificateFile. I tried that but it didn't work so I am assuming it might be something completely different.

Anyone faced this issue before?

The following page http://www-01.ibm.com/support/docview.wss?uid=swg21458997 talks about using a keystore but is that relevant to Apache?

Best Answer

You'd need to find out:

  1. what kind of certificates does the Apache web server accept

    SSLCertificateChainFile Directive

    This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.

  2. what is a p7b file

    Certificate filename extensions

    .p7b, .p7c – PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)

  3. what tools can convert from a p7b to a PEM encoded certificate

Related Topic