Private Key; Server Certificate (crt, puplic key) (optional) Intermediate CA and/or bundles if signed by a 3rd party; How to create a self-signed PEM file openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem How to create a PEM file from existing certificate files that form a chain. The following files are generated in the directory: key.pem is the server private key. Key-pkcs8.pem is the server private key in PKCS#8 format. Certificate.pem is the certificate chain file in pem format. It includes the server certificate issued by CA and CA intermediate or root certificate.

How do I make my own bundle file from CRT files?
Answer: You may do this using you favorite text editor or by using the command line.
Example:
# Root CA Certificate - AddTrustExternalCARoot.crt
# Intermediate CA Certificate 1 - ComodoRSAAddTrustCA.crt OR ComodoECCAddTrustCA.crt
# Intermediate CA Certificate 2 - ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt OR ComodoRSAECCDomain/Organization/ExtendedvalidationSecureServerCA.crt
# Intermediate CA Certificate 3 - ComodoSHA256SecureServerCA.crt
# Your SSL Certificate - yourDomain.crt
Note: You will not need your SSL certificate for this exercise.
GUI Text Editor
1. Open All files in a text editor. (Remember, not your domain certificate.)
2. Create a new blank text file.
3. Copy contents of all files in reverse order and paste them into the new file.
Example: Intermediate 3, Intermediate 2, Intermediate 1, Root Certificate.
4. Save newly created file as 'yourDomain.ca-bundle'.
Command Line
Linux or UNIX-like Operating Systems:
-- cat ComodoRSAAddTrustCA.crt ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt AddTrustExternalCARoot.crt > yourDomain.ca-bundle

Or

-- cat ComodoSHA256SecureServerCA.crt AddTrustExternalCARoot.crt > yourDomain.ca-bundle
Windows or DOS:
-- copy ComodoRSAAddTrustCA.crt + ComodoRSADomain/Organization/ExtendedvalidationSecureServerCA.crt + AddTrustExternalCARoot.crt yourDomain.ca-bundle

Or

-- copy ComodoSHA256SecureServerCA.crt + AddTrustExternalCARoot.crt yourDomain.ca-bundle
Note: 'yourDomain.ca-bundle' is only a place holder file name. You may call it anything you want.

Related Items

* Root & Intermediate Certificates

You have a private key file in an openssl format and have received your SSL certificate. You'd like now to create a PKCS12 (or .pfx) to import your certificate in an other software?

Here is the procedure!

Generate Chain From Crt Key Files Download

• Find the private key file (xxx.key) (previously generated along with the CSR).
• Download the .p7b file on your certificate status page ('See the certificate' button then 'See the format in PKCS7 format' and click the link next to the diskette).
• a) Convert this file into a text one (PEM):

  On Windows, the OpenSSL command must contain the complete path, for example:
  c:openssl-win32binopenssl.exe ...)

• b) Now create the pkcs12 file that will contain your private key and the certification chain:
  

  You will be asked to define an encryption password for the archive (it is mandatory to be able to import the file in IIS). You may also be asked for the private key password if there is one!

You can now use the file file final_result.p12 in any software that accepts pkcs12! For IIS, rename the file in .pfx, it will be easier.

Alternatively, if you want to generate a PKCS12 from a certificate file (cer/pem), a certificate chain (generally pem or txt), and your private key, you need to use the following command:

Linked Documentation:

Generate Chain From Crt Key Files Youtube