How to add an intermediate certificate to a pfx file

certificate ssl

I've been using a certificate that's stored on the server in a myserver.pfx file.

However, behavior is not the same in all browsers and some complain on account of, I think, a missing 'intermediate' certificate.

I've downloaded the intermediate certificate from Gandi: GandiStandardSSLCA.pem

Now, my question is, how can I add that intermediate certificate into the pfx file?

Although the server is Windows, I'm trying to use openssl on a Linux machine to manipulate the certificates, just because that's where I have openssl available. I'm assuming this doesn't matter.

One thing I've tried is to use openssl to export myserver.pfx to myserver.pem, a text file. Then, with a text editor, I've added the text of GandiStandardSSLCA.pem to myserver.pem in hopes of then converting back to pfx format. However, I couldn't get openssl to do that conversion back to pfx.

Is this possible? If so, at the text editing stage, does it matter if the intermediate certificate text goes at the beginning or the end? Also, would I need to manufacture 'Bag Attributes' somehow?

Or, is the whole operation done in one line with openssl?

Best Answer

The .pfx file can be prepared by exporting the intermediate certificate .pem file with the below command example.

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt

Reference: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/
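The full round trip for the situation in the question, where only the existing .pfx is at hand, as an added example that is not part of the original answer: it goes one step beyond the answer's command by first extracting the key and leaf certificate from the .pfx, then re-exporting with `-certfile`. The password, the output name `myserver-chain.pfx`, the file `intermediate.pem` and the throwaway certificates are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: rebuild a PFX so that it also carries the intermediate cert.
# Password, subjects and file names below are constructed for this demo.
set -eu
umask 077                      # extracted key material stays owner-only
PASS='demo-pass'               # constructed export password

# Constructed inputs: a stand-in "intermediate" CA, a leaf signed by it, and
# a PFX that (like the one in the question) lacks the intermediate.
make_demo_inputs() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out intermediate.pem \
    -subj "/CN=Demo Intermediate CA" -days 2 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
    -subj "/CN=myserver.example" 2>/dev/null
  openssl x509 -req -in leaf.csr -CA intermediate.pem -CAkey ca.key \
    -CAcreateserial -out leaf.crt -days 1 2>/dev/null
  openssl pkcs12 -export -out myserver.pfx -inkey leaf.key -in leaf.crt \
    -passout "pass:$PASS"
}

# add_intermediate IN.pfx INTERMEDIATE.pem OUT.pfx
add_intermediate() {
  local in=$1 inter=$2 out=$3 tmp
  tmp=$(mktemp -d)
  # Private key only; unencrypted, so it lives in a private temp dir.
  openssl pkcs12 -in "$in" -nocerts -nodes -passin "pass:$PASS" -out "$tmp/key.pem"
  # Leaf only: -clcerts skips CA certs that may already be in the file.
  openssl pkcs12 -in "$in" -clcerts -nokeys -passin "pass:$PASS" -out "$tmp/leaf.pem"
  # The "Bag Attributes" text in the extracted PEM files is ignored on re-import.
  openssl pkcs12 -export -out "$out" -inkey "$tmp/key.pem" -in "$tmp/leaf.pem" \
    -certfile "$inter" -passout "pass:$PASS"
  rm -rf "$tmp"
}

# Number of certificates stored in a PFX (1 = leaf only, 2 = leaf + intermediate).
count_certs() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" | grep -c 'BEGIN CERTIFICATE'
}

work=$(mktemp -d); cd "$work"
make_demo_inputs
echo "before: $(count_certs myserver.pfx) certificate(s)"
add_intermediate myserver.pfx intermediate.pem myserver-chain.pfx
echo "after:  $(count_certs myserver-chain.pfx) certificate(s)"
```

With real files, a `pass:` argument is visible in the process list; omitting `-passin`/`-passout` makes openssl prompt instead, and `env:VAR` reads the password from an environment variable.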