1 Topic by bTal

  • bTal
  • Member
  • Offline
  • Registered: 2011-11-23
  • Posts: 16

Topic: Godaddy SSL cert .ca-batch issue

iRedmail SSL instructions say that you should get two files when you buy an SSL cert (I purchased my SSL from Godaddy). I did get two files, but they are both ".crt" files. iRedmail expects 2nd one to be a ".ca-bundle". (see http://www.iredmail.org/docs/use.a.boug … ate.html).

Is there a way to convert a ".crt" to a ".ca-bundle"? have you seen this issue with GoDaddy certs before?

I did call GoDaddy and spoke with level 1 and level 2 SSL support. Neither one had any idea what a ".ca-bundle" file was.

The first ".crt" file seems to be just for my domain and the 2nd one that seems to have several certs in it.

I only do SSL certs once every 3 years. wink

https://casecurity.ssllabs.com/analyze. … atsite.com gives me a "B" grade. Says I have "chain issues".

Thoughts?

~ bTal

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Godaddy SSL cert .ca-batch issue

bTal wrote:

The first ".crt" file seems to be just for my domain and the 2nd one that seems to have several certs in it.

I  guess the second one is ca bundle.

3 Reply by bTal

  • bTal
  • Member
  • Offline
  • Registered: 2011-11-23
  • Posts: 16

Re: Godaddy SSL cert .ca-batch issue

ZhangHuangbin wrote:
bTal wrote:

The first ".crt" file seems to be just for my domain and the 2nd one that seems to have several certs in it.

I  guess the second one is ca bundle.

Ok, not an SSL guru here.

Does the .ca-batch file "litterally" have to be somestuffname.ca-batch or can it be somestuffname.crt?

If it can be a .crt file, what certs does it have to have inside of it? I'm hearing the term "intermediate" a lot and I see the error that the SSL cert is not trusted because it isn't in Mozilla's root store.

Is the 2nd file messed up or am I not linking to it correctly. (i renamed my old certs "somecertname.crt" to "somecertname.crt.001" I then copied the new ones "somecertname.crt.002" to the directory and copied them again to be the original names "somecertname.crt".

Thoughts?

~ bTal

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Godaddy SSL cert .ca-batch issue

The 'ca-bundle' in file name is just a sample, Linux/Unix doesn't care about file extension, they can detect file type. File extension is used by human beings to easier understand what type this file is.

So, yes, it can be '.crt' file. And usually it's "intermediate" file.

5 Reply by bTal

  • bTal
  • Member
  • Offline
  • Registered: 2011-11-23
  • Posts: 16

Re: Godaddy SSL cert .ca-batch issue

ZhangHuangbin wrote:

The 'ca-bundle' in file name is just a sample, Linux/Unix doesn't care about file extension, they can detect file type. File extension is used by human beings to easier understand what type this file is.

So, yes, it can be '.crt' file. And usually it's "intermediate" file.

Thanks. That means I'm not linked up correctly.

Poop.

~ bTal