SSL - how to properly create the chained CRT file?

Question

I am trying to renew my SSL certificate after a year. I am not very experienced through the process and it's always a bit of magic to me.

How to properly create that chained CRT file?

What I have done:

1. I have generated myserver.key and server.csr
2. I put the server.csr file to the Namecheap dashboard and now waiting for approval and receiving some other files (I think there's going to be the SSL certificate file itself?)

What am I supposed to do know?

I am looking to the old ZIP file that I got from Comodo and there are these 4 files:

1. COMODORSADomainValidationSecureServerCA.crt
2. COMODORSAAddTrustCA.crt
3. www_mydomain_com.crt
4. AddTrustExternalCARoot.crt

How to create from these 4 files (and the myserver.key that is on the server) the final chained CRT file?

It's still a bit confused about this.

Thank you in advance.

Answer 1

The certificate file containing the full chain has to contain the leaf certificate and then down to the root via the intermediate certificates.

So for example, this would be the order with the given filenames:

• www_mydomain_com.crt
• COMODORSADomainValidationSecureServerCA.crt
• COMODORSAAddTrustCA.crt
• AddTrustExternalCARoot.crt

Answer 2

It seems like you can just concatenate them.

$ cat www_mydomain_com.crt COMODORSADomainValidationSecureServerCA.crt 
      COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > www_mydomain_com.chained.crt

Linebreaks added for readability