A journey of a thousand sites begins with a single click. Author Unknown
When installing PositiveSSL certificates on cPanel servers, I always add the CA bundle to ensure that no browsers complain about the certificate.
Some browsers will complain that the Certificate isn’t from a Trusted Authority. This is because browsers have a built-in list of “trusted certificate authorities”, some certificate authorities are not included in these lists.
In order for a certificate authority to be able to sell certificates, they had to be vouched for by another certificate authority that is trusted. This “chain of trust” is represented by the CA bundle.
In a recent PositiveSSL certificate that I purchased, the bundle file contents were slightly different than normal. The bundle file in my case is a ZIP file that comes in the email along with the SSL certificate, the ZIP file contained the following files.
-rw-rw-rw-@ 1 empty staff 1521 30 May 2000 AddTrustExternalCARoot.crt -rw-rw-rw-@ 1 empty staff 1952 30 May 2000 COMODORSAAddTrustCA.crt -rw-rw-rw-@ 1 empty staff 2151 12 Feb 01:00 COMODORSADomainValidationSecureServerCA.crt -rw-rw-rw-@ 1 empty staff 2277 12 Jun 00:00 domain_com.crt
To create the CA bundle to import into CPanel run the following command.
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > comodobundle.txt
When you install your SSL certificate into cPanel, paste the contents of the newly created
comodobundle.txt file into the “Certificate Bundle Authority (optional)” box.
No more SSL browser error messages :-)