Following yet another super-insightful Roots article on SSL Certificates by @ben, I went to the Comodo website and–my people in Clifton, New Jersey–they were super-helpful!
I noticed that the certificate I download from certificatechain.io is slightly different than the one their tech guy had me assemble, and I wanted to check in with y’all.
With certificatechain.io you input the `-----RSA PRIVATE KEY-----` and it builds a crt that starts with that key, followed by the pem info from the following two files downloadable from the Comodo Knowledgebase page:
- comodorsadomainvalidationsecureserverca.crt
- comodorsaaddtrustca.crt
My man Ron at Comodo said that for different web servers the required format is different, but that for nginx you also want to include the contents of addtrustexternalcaroot.crt (AddTrustExternalCARoot).
Additionally he mentioned that “Some nginx require also the private key”, which I presume is why with Trellis we include both:
```yaml
ssl:
  enabled: true
  cert: ~/ssl/example_com.crt
  key: ~/ssl/example_com.key
```
Ben’s article is from a couple of years ago and I’m not sure if
- things have changed
- Ron with Comodo was incorrect
- It works with or without AddTrustExternalCARoot, or
- Yea but this is different
Input and clarification, as always, hoped for.
What would I be without you?