How to build the certificate chain (CA Bundle) for your SSL certificate

system

If you are not provided with a full or valid certificate chain for your SSL certificate it is possible to create your own chain using the server certificate that you did receive.

It is also common that the certificate chain provided by your CA will result in an error when uploading to LogonBox, therefore it is often best to rebuild the certificate bundle file yourself manually.

Luckily this is easy to do from a Windows client machine.

 

Double click the signed certificate from a Windows system and select the Certification Path tab.

You should see the full certificate chain here, which often includes a CA root at the top, with an intermediate certificate in the middle, with your signed cert at the bottom.


At the bottom will be the certificate you are currently viewing, select a certificate above this (usually the intermediate) and select the View Certificate option.


The same type of window will open but now with the newly opened certificate details.

Select the Details tab and the the Copy to File option.


A certificate export wizard will open, select the Base-64 encoded X.509 (.CER) option, set an identifying name (for example intermediate.cer) and then complete the wizard and the file will be exported. Repeat these steps for the certificate at the top of the list (CA Root).


Open the exported certificates from the chain in a text editor, you will need to condense all of the files into one output, start with the first intermediate certificate at the top and end with the root certificate at the bottom.

Save this file.




When uploading your certificate you can now use this as the Certificate Chain (CA Bundle) file.