To use SSL, the web server that I am using requires the location of a single .pem file (-ssl_cert xyz.pem)
I have a certificate issued by GoDaddy. They gave me the file:
banana.crt
The preceding certificate request was created using a private key I generated
banana.key
Googling seems to suggest that creating a .pem file is as simple as concatenating them.
cat banana.key banana.crt > banana.pem
Unfortunately, starting the server with banana.pem, and visiting it with Safari tells me:
Issued by: Go Daddy Secure Certificate Authority
This certificate was signed by an unknown authority
What's going wrong? Have I or GoDaddy screwed something up in the creation of the certificate, or do I somehow have to mix something from here in to my .pem file?
I'm visiting with a fully up to date OS X Leopard + Safari installation.
Depending on which type of certificate you have, go to https://certs.godaddy.com/Repository.go and download the appropriate intermediate certificate chain (one of the
.crtfiles, most likely this one). Paste that into your PEM file along with your own certificate and key.Your creation of the
.pemfile is fine. If it wasn't then HTTP server is unlikely to start.Assuming that you have a GoDaddy root certificate in your browser's trusted certs, then the certificate that they have provided you is what's known as a "chained" certificate. This means that it hasn't been signed directly by their root. It is signed by an intermediatory CA which in itself is signed by the root.
In order for your browser to trust the chained certificate it needs to know of all certificates in the chain. In Apache this is accomplished with the
SSLCertificateChainFiledirective, which pushes the other certificates in the chain to the client during the SSL handshake process.You'll need to find a substitute for this directive in Mongoose. The manual doesn't appear to indicate how. You may find that placing the chain certificate(s) at the end of the PEM to help.
Try generating the pem file using the openssl command.