Combining SSL certificates

Matthew Seaman m.seaman at
Fri Apr 2 17:34:41 UTC 2010

On 02/04/2010 17:19:02, Adam Vande More wrote:
> On Fri, Apr 2, 2010 at 9:04 AM, Jerry <freebsd.user at> wrote:
>> Is it possible to combine all of the certificates in a chain into one
>> *.pem file?
>> openssl s_client -connect -crlf -showcerts
>> This would show, in this case anyway, two certificates. Could I combine
>> both certs into one file, example: gmail-imap.pem and then run
>> 'c_rehash' on the file or do I have to save both certs in separate
>> files to complete the chain?
> Doesn't it work to simply concatenate pem's together?  It was my
> understanding it was possible to do that, but perhaps order of concatenation
> matters.  So make sure you're dealing with pem's and cat together with root
> being last and I think it should work.

Depends on the application I think.  Some applications like SSL key and
cert in the same file.  Some applications want them separate.  Some
applications like SSL Certs and all of the CA-Cert keys used to sign it
concatenated together; others like separate files for CA-Certs; yet
others only want CA Certs which aren't from one of the well-known root CAs.

Can't say as I've ever run into an app that likes several different keys
or certs in the same file [well, except for Java keystores, but in that
case the appropriate response is to scream and run away very quickly]

You pays your money, and you takes your choice.



Dr Matthew J Seaman MA, D.Phil.
                                                  Flat 3
PGP:     Ramsgate
                                                  Kent, CT11 9PW
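
The two layouts discussed in this thread (one certificate per file, or every certificate concatenated into a single PEM file), as an added example that is not part of the original messages. The function names, file names and the sample `s_client -showcerts` style input are assumptions constructed for illustration; the certificate bodies are placeholders, not real certificates.

```shell
#!/bin/sh
# Added example; function names, file names and sample data are assumptions.

# Split s_client -showcerts style output into OUTDIR/cert-N.pem, one
# certificate per file, dropping the text around the PEM blocks.
# Prints the number of certificates found.
split_pem_chain() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; f = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > f }
        /^-----END CERTIFICATE-----/ { inside = 0; close(f) }
        END { print n + 0 }
    ' "$1"
}

# Concatenate DIR/cert-1.pem, cert-2.pem, ... into BUNDLE, keeping the
# order in which they were split. Prints the number of certificates written.
join_pem_chain() {
    : > "$2"
    i=1
    while [ -f "$1/cert-$i.pem" ]; do
        cat "$1/cert-$i.pem" >> "$2"
        i=$((i + 1))
    done
    grep -c '^-----BEGIN CERTIFICATE-----' "$2"
}

# Constructed sample input: placeholder bodies, not real certificates.
write_sample() {
    cat > "$1" <<'EOF'
Certificate chain
 0 s:/CN=leaf.example
   i:/CN=Example CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-LEAF-PLACEHOLDER
-----END CERTIFICATE-----
 1 s:/CN=Example CA
   i:/CN=Example Root
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-PLACEHOLDER
-----END CERTIFICATE-----
---
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/s_client.txt"
echo "split:  $(split_pem_chain "$demo_dir/s_client.txt" "$demo_dir/certs") certificates"
echo "bundle: $(join_pem_chain "$demo_dir/certs" "$demo_dir/chain.pem") certificates"
rm -rf "$demo_dir"
```

Which of the two outputs to use depends on what the consuming application expects, as the reply above says.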
