GeoTrust/RapidSSL: Whats the meaning of the various certificate .CER files ?

ServerCertificate.cer = Certificate specifically for your domain / wildcard
CACertificate-1.cer = RapidSSL intermediate certificate
CACertificate-2.cer = GeoTrust CA Root certificate

For requesting the certificate, a .CSR and a private-key .KEY file have been created. - The CSR has been required for requesting the certificate and remains unused later. The private-key file is required for installation.

Important: it will only work when using ServerCertificate.cer together with the private-key that has been created together with the CSR that was used for ordering the SSL certificate. CSR/KEY/CER pairs need to be matching !

Example settings for correct certificate/key usage in Apache:

SSLCertificateFile /home/user/ssl/ServerCertificate.cer
SSLCertificateKeyFile /home/user/ssl/privatekey.key
SSLCertificateChainFile /home/user/ssl/CACertificate-1.cer

The file CACertificate-2.cer ist the root certificate. Usually all common servers already have this installed in their certificate CA store. Some server types, like nginx, do require installation of both CACertificate-1.cer *and* CACertificate-2.cer in correct order, hence the numbering in the file names.


Was this answer helpful?

 Print this Article

Also Read

Windows/IIS/MMC: What do to with "Error HRESULT: 0x80070520"?

In very rare cases this error might show up during installation on Windows Server. The cryptic...

An error has occured: [2011296] CSR is invalid

This error messgae is typically shown when the field "COMMON NAME" inside the CSR doesn't have a...

'Broken Certificate Chain' error message

The SSL certificate chain typically consists of:ROOT Certificate INTERMEDIATE Certificate...

Can i redirect non-SNI capable web browsers to an alternative site?

YES, it's possible to redirect non-SNI capable browsers (Internet Explorer auf Windows XP). -...

ASN1 bad tag value met. 0x8009310b

Question: I get CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met....