Chaining issue while creating SSL certificate? [Solved]

Does the padlock icon look fine, but you still have a chaining issue? If so, you are in the right place. Let me help you with this. Simply put, a chaining issue means the intermediate certificate is not connected to your main domain certificate. It can also be caused by a problem with the private key. Here I show how to extract the private key and the certificate from your PFX file and combine the certificate with the intermediate certificate.

Create ssl_certificate_key

Let’s first create the ssl_certificate_key. Use the following command to create the private.key file. You can pass the PFX password directly in the command with -passin pass: as shown below, or leave that option out and type the password when prompted, which keeps it out of your shell history.

openssl pkcs12 -in yourPFXFile.pfx -nocerts -nodes -passin pass:Enter_your_password | openssl rsa -out private.key

Create ssl_certificate

Next, create the ssl_certificate using the following command.

openssl pkcs12 -in yourPFXFile.pfx -clcerts -nokeys -out domain.crt

Now you need the intermediate certificate, which you can download when you purchase the SSL certificate. Once you have the Intermediate.crt file, use the following command to build the ssl_certificate file. The domain certificate must come first, followed by the intermediate.

cat domain.crt Intermediate.crt > certificate.pem
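
Before moving the files, you can check locally that certificate.pem really is chained and that private.key belongs to it. The script below is an added example, not part of the original post; the function names are hypothetical, and it compares issuer and subject names only (it does not verify signatures).

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post;
# the function names are hypothetical.

# Split a PEM bundle ($1) into $2/cert1.pem, $2/cert2.pem, ... in file order.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# Print the issuer (-issuer) or subject (-subject) name of the certificate in $2.
cert_name() {
    openssl x509 -in "$2" -noout -nameopt RFC2253 "$1" 2>/dev/null | sed 's/^[a-z]*= *//'
}

# Succeed only if the bundle holds at least two certificates and the issuer
# name of each one equals the subject name of the certificate after it.
# A bundle with a single certificate fails: that is the missing-intermediate case.
chain_order_ok() {
    tmp=$(mktemp -d) || return 2
    split_bundle "$1" "$tmp"
    rc=0; i=1
    [ -f "$tmp/cert2.pem" ] || rc=1
    while [ -f "$tmp/cert$((i + 1)).pem" ]; do
        issuer=$(cert_name -issuer "$tmp/cert$i.pem")
        next_subject=$(cert_name -subject "$tmp/cert$((i + 1)).pem")
        [ -n "$issuer" ] && [ "$issuer" = "$next_subject" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# Succeed only if the private key ($1) belongs to the first (leaf)
# certificate in the bundle ($2), by comparing their public keys.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Usage: chain_order_ok certificate.pem && key_matches_cert private.key certificate.pem
```

If chain_order_ok fails, the bundle is missing the intermediate or the certificates were concatenated in the wrong order; if key_matches_cert fails, nginx will refuse to start with this key and certificate pair.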

Move certificates to your server

Move the certificate.pem and private.key files to the /etc/nginx/ssl folder. The ssl folder does not exist by default, so create it if you don’t have it. If you created certificate.pem and private.key on your own computer, first upload those files to your online server. Using cPanel or DirectAdmin, you can easily upload them. Once they are uploaded, get the links to those files. Let me know if you are confused on this part.

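Use the following commands to pull the .pem and .key files onto your server.

sudo mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl
sudo wget https://www.santoshm.com.np/certificates/certificate.pem
sudo wget https://www.santoshm.com.np/certificates/private.key
sudo chmod 400 *

Make sure you type sudo before downloading those files. Finally, change the mode of the files within the ssl folder to 400. chmod 400 * makes every file in the ssl folder read-only for its owner and inaccessible to everyone else. Because private.key was reachable at a public URL for the download, delete the uploaded copy from the web host as soon as it is on the server.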

Update NGINX Default file

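sudo nano /etc/nginx/sites-available/default

server {
    # "listen ... ssl" enables TLS for this server block; the separate
    # "ssl on;" directive is obsolete since nginx 1.15.0, so it is left out.
    listen 443 ssl;

    server_name your_domain_name;
    root /home/sikka/projects/project1/retail/public;

    index index.html index.htm index.php;

    # Bundle built above: domain certificate first, then the intermediate.
    ssl_certificate /etc/nginx/ssl/certificate.pem;
    ssl_certificate_key /etc/nginx/ssl/private.key;

    # ... rest of your server block ...
}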

Once you have updated the server block as above, use the following key sequence in nano to save it.

control + x
y
enter or return

Finally, restart the nginx server with the following command.

sudo /etc/init.d/nginx restart

Check your website using the following link.
https://www.sslshopper.com/ssl-checker.html
You should see every status checked with a green tick ✅. If so, you have successfully integrated the SSL certificate and fixed the chaining issue.

Well done! I hope you found this blog to be helpful. Sharing this link would be highly appreciated.

Thanks
