When installing PositiveSSL certificates on cPanel servers, I always add the CA bundle to ensure that no browsers complain about the certificate.
Some browsers will complain that the certificate isn’t from a trusted authority. This is because browsers have a built-in list of “trusted certificate authorities”, and some certificate authorities are not included in these lists.
In order for a certificate authority to sell certificates, it has to be vouched for by another certificate authority that is already trusted. This “chain of trust” is represented by the CA bundle.
In a recent PositiveSSL certificate that I purchased, the bundle file contents were slightly different from normal. The bundle file in my case is a ZIP file that comes in the email along with the SSL certificate. The ZIP file contained the following files.
-rw-rw-rw-@ 1 empty staff 1521 30 May 2000 AddTrustExternalCARoot.crt
-rw-rw-rw-@ 1 empty staff 1952 30 May 2000 COMODORSAAddTrustCA.crt
-rw-rw-rw-@ 1 empty staff 2151 12 Feb 01:00 COMODORSADomainValidationSecureServerCA.crt
-rw-rw-rw-@ 1 empty staff 2277 12 Jun 00:00 domain_com.crt
To create the CA bundle to import into cPanel, run the following command.
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > comodobundle.txt
When you install your SSL certificate into cPanel, paste the contents of the newly created comodobundle.txt file into the “Certificate Bundle Authority (optional)” box.
No more SSL browser error messages :-)
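Before pasting the bundle, it is worth confirming that it really links the certificate to the root. The script below is an added example, not part of the original post: `check_bundle` wraps `openssl verify`, and `make_demo_chain` builds a constructed root -> ca1 -> ca2 -> leaf chain with throwaway keys (hypothetical stand-ins for the files in the ZIP) so the check can be tried offline.

```shell
#!/bin/sh
# Added example: confirm a CA bundle links a certificate to its root.
# Requires the openssl command-line tool.

# check_bundle LEAF BUNDLE ROOT: exit 0 if LEAF chains to ROOT through BUNDLE.
# -untrusted supplies the intermediates; -CAfile supplies the root to trust.
check_bundle() {
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# make_demo_chain DIR: build a constructed root -> ca1 -> ca2 -> leaf chain
# with throwaway keys (stand-ins for the ZIP's files) so the check runs offline.
make_demo_chain() {
    d=$1; issuer=""; n=0
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    for name in root ca1 ca2 leaf; do
        n=$((n + 1)); ext="$d/ca.ext"
        if [ "$name" = leaf ]; then ext="$d/leaf.ext"; fi
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo $name" \
            -keyout "$d/$name.key" -out "$d/$name.csr" 2>/dev/null || return 1
        if [ -z "$issuer" ]; then   # the root signs itself
            openssl x509 -req -in "$d/$name.csr" -days 2 -set_serial "$n" \
                -signkey "$d/$name.key" -extfile "$ext" \
                -out "$d/$name.crt" 2>/dev/null || return 1
        else                        # every other cert is signed by the previous one
            openssl x509 -req -in "$d/$name.csr" -days 2 -set_serial "$n" \
                -CA "$d/$issuer.crt" -CAkey "$d/$issuer.key" -extfile "$ext" \
                -out "$d/$name.crt" 2>/dev/null || return 1
        fi
        issuer=$name
    done
}

# demo: print how a complete and an incomplete bundle verify.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_chain "$dir" || { rm -rf "$dir"; return 1; }
    # Same shape as the command above: issuing CA first, then the CA above it.
    cat "$dir/ca2.crt" "$dir/ca1.crt" > "$dir/bundle.txt"
    for b in bundle.txt ca1.crt; do
        if check_bundle "$dir/leaf.crt" "$dir/$b" "$dir/root.crt"
        then echo "$b: chain verifies"
        else echo "$b: chain is broken"
        fi
    done
    rm -rf "$dir"
}

demo
```

With the files from the ZIP, the equivalent call is `check_bundle domain_com.crt comodobundle.txt AddTrustExternalCARoot.crt`. `openssl verify` treats the bundle as an unordered pool of intermediates, so this confirms that nothing is missing, not that the certificates are in a particular order.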