HTTP-сервер должен иметь цепочку domain
и intermediate
как цепочку сертификата на стороне сервера.
cat certs/intermediate/certs/domain.cert.pem \ certs/intermediate/certs/intermediate.cert.pem > webserver.cert.pem
Ты не документирован.
Я следую за https://jamielinux.com/docs/openssl-certificate-authority/index.html, и после создания корневого и промежуточного кода цепочки файл имеет иерархию, как и другие.
Вот пример ожидаемой иерархии:
Но после импорта ca-chain.cert.pem
через Firefox, которые содержат промежуточный и root (именно этот порядок). Просто импортируйте промежуточное звено.
После импорта в браузер веб-сайт работает хорошо, но в иерархии нет корневой буквы. просто промежуточный, а затем сертификация сайта.
Даже после импорта root ca сертификат не имеет иерархии, как я ожидал. Что я пропустил?
Root CA:
Certificate: Data: Version: 3 (0x2) Serial Number: f1:61:fb:1e:9e:12:3d:1a Signature Algorithm: sha256WithRSAEncryption Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com Validity Not Before: Jan 1 00:00:00 2018 GMT Not After : Jan 1 00:00:00 2058 GMT Subject: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:dc:20:86:ef:e7:01:fe:a8:6f:72:c1:b0:19:f3: 54:4c:36:f8:c9:c3:e9:82:58:e1:40:d0:dc:94:40: 7e:81:44:bc:83:a2:60:b0:60:b5:07:db:8a:23:ba: 21:d6:b6:9e:72:fd:03:86:6c:87:92:2c:f0:f9:4c: 64:e3:42:50:e4:93:ce:49:55:ce:c6:ce:cd:36:af: 2f:d2:f8:61:21:92:2e:67:0a:57:13:7f:e5:d6:a0: 42:1e:61:46:f2:c5:f3:0d:05:19:09:93:b5:7d:6b: 23:d1:a4:ae:9d:e4:22:9e:17:f5:b8:38:11:f6:f7: 29:6c:a1:7e:b5:68:34:9d:31:b8:cb:bd:b8:fb:9a: 25:f6:96:8b:6b:21:22:38:f0:a6:b4:5a:3a:00:94: f4:de:2c:15:98:b1:82:8b:fa:f2:0e:e8:8e:2e:69: 86:0f:f6:f4:82:8d:b5:6f:00:8b:cc:3c:29:b8:2d: fa:03:c2:7f:46:c5:0b:9f:4e:ee:f5:82:d5:b2:9f: 29:3b:43:b8:0b:90:05:f6:53:68:be:f2:d2:91:f9: ec:5a:3f:83:d0:0f:49:6a:7f:d9:a3:72:d0:8f:74: a6:4b:c8:31:bd:ac:45:6b:51:c4:46:0d:aa:31:3d: 03:bb:fc:7f:50:c6:ec:57:72:84:40:a8:4f:1d:14: b6:4d:30:6c:2f:b1:69:7a:9b:1f:8f:f9:af:a3:00: df:96:df:df:e6:b9:6d:5e:bc:1e:40:e7:ee:fe:18: aa:bb:19:e5:26:9f:79:01:76:06:26:6b:43:cb:15: 41:aa:01:19:d9:11:19:7b:df:99:8c:68:8d:4b:a9: 76:3b:32:ff:68:4d:5c:0e:5d:c7:5f:ed:1a:20:f4: 68:29:0b:21:ac:79:05:9a:57:0a:54:d7:7d:06:83: f9:b5:79:09:65:fa:c2:83:6d:b6:77:3e:e0:b2:ac: 15:b4:88:22:95:64:70:27:88:50:2b:e4:2e:6f:df: f1:3c:fa:21:70:c2:bf:54:18:3e:2a:6f:2f:28:0f: d3:83:61:6c:b5:9d:5e:4f:f8:8a:3b:75:ef:e9:97: 58:98:2f:31:39:cd:dd:18:ff:fc:ce:d0:83:72:23: 4f:e1:66:a4:0b:2a:5d:44:79:e4:7b:6a:67:d5:c5: 6a:a7:c9:ff:7e:1c:1b:20:e9:18:ee:69:cd:5b:cb: f1:c3:cd:9e:62:38:f3:b0:f3:70:f8:0e:2f:c9:7b: 27:6e:5b:e4:78:b8:a2:b4:5a:26:ff:9f:bd:c6:b1: 2d:5b:a4:b3:49:17:24:68:02:be:b9:7e:c3:d5:37: ca:c3:b4:bd:1b:28:fd:70:45:4f:9e:7e:1b:2a:14: 3d:cf:f9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F X509v3 Authority Key Identifier: keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F X509v3 Basic Constraints: critical CA:TRUE X509v3 Issuer Alternative Name: <EMPTY> X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption 8a:33:b3:59:6d:30:11:d1:df:71:fa:ed:90:02:13:40:84:e0: 54:3e:88:ce:12:07:c9:29:ce:44:69:c0:e8:d4:90:e3:48:5c: 0c:6d:4f:c4:d6:af:a3:c5:86:ff:d1:93:8f:9b:b3:5e:8f:37: fa:9c:93:cd:a8:0d:71:28:91:fa:06:17:70:a4:be:7a:30:b1: 76:c3:33:f2:4b:a7:b8:ec:a7:f9:76:e9:08:cb:b3:1b:cd:a5: 5f:c6:1a:85:7c:76:d4:67:da:d4:80:6d:be:80:4b:5c:f6:d0: f8:f5:47:12:73:92:35:86:f2:76:4f:82:2c:e9:ec:1b:bf:5b: cb:fa:31:65:41:ad:6f:e6:71:76:76:46:e7:51:b2:d0:fe:77: 76:2f:49:9d:c2:79:7a:94:9b:a8:42:4e:91:bb:72:60:c6:91: e9:e6:cf:59:17:20:75:14:90:42:7c:c9:5d:27:10:b9:81:c0: a5:43:3d:0a:e0:c6:ba:7e:e9:9a:98:02:a6:bf:5d:55:2b:31: b9:0a:91:d7:f0:28:07:0b:80:e2:1c:0e:5f:c8:f8:88:17:3d: 8b:b0:b3:df:09:e3:0d:4b:1c:ed:d9:d1:8a:9a:d8:d8:b0:e6: bf:9f:1e:14:86:45:47:5a:c5:e3:90:06:b7:0a:72:60:0d:0d: 2c:bd:ce:19:57:02:09:e0:d8:6e:ed:9a:7e:d6:8d:18:42:fc: 32:54:88:c1:87:98:0b:7e:ca:dd:9a:3e:d8:5b:00:91:28:ea: 2b:35:ad:36:6c:9d:e0:cc:41:cd:e9:31:75:ec:2c:e5:5e:24: 59:cd:f6:cb:14:42:e1:b6:30:84:6e:f2:13:8a:9e:32:0e:34: 1a:4f:5d:a7:19:67:64:84:29:5f:ec:7e:18:1a:7f:0c:65:6a: 04:8a:fa:a2:2b:76:ff:1f:c4:0a:5f:1b:df:4e:6b:60:58:ae: 37:d8:b8:3b:09:fa:34:8e:6a:e2:1c:a5:c6:a5:2c:a1:22:09: 03:91:b5:16:d6:d5:60:0b:a9:c2:8d:f4:6f:2c:1e:43:60:9d: a3:8b:5c:34:ef:89:e5:93:ba:93:f8:92:96:fb:d2:f4:4b:68: ca:0a:8c:58:d4:e2:cd:8e:e4:d7:90:1c:79:6f:c7:c2:61:ae: e7:52:07:70:e2:d9:b4:59:b2:73:c4:eb:f0:39:09:3f:b3:69: c7:2e:29:28:f5:a3:cd:fb:fd:2c:6b:b6:ad:de:f4:86:c4:e7: 20:e2:fc:37:40:95:b2:11:27:48:3c:3e:1c:f9:bd:fe:d2:56: 4d:a4:21:9c:85:eb:95:f1:bb:82:72:10:1c:d5:ff:eb:78:eb: c7:5c:5f:fd:ec:0c:07:66
Средний CA:
Certificate: Data: Version: 3 (0x2) Serial Number: 4096 (0x1000) Signature Algorithm: sha256WithRSAEncryption Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com Validity Not Before: Jan 1 00:00:00 2018 GMT Not After : Jan 1 00:00:00 2048 GMT Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55: b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da: 98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1: 2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59: f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45: 94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8: 4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d: 47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f: 12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75: 5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43: 42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e: 07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d: 8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee: da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91: d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96: 31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99: e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52: c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09: 05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d: 17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94: 4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa: b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f: 89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b: 15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79: e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0: 73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46: 8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50: 18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9: 03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e: e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a: 50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea: 7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e: 3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8: 77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87: d2:82:6d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7 X509v3 Authority Key Identifier: keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40: 3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81: 4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29: eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81: c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01: 67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f: e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43: 73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14: e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca: 66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd: 75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62: 4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79: 6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07: ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2: 59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37: 9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d: 5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1: 5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc: c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b: 9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed: 86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6: 61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2: 2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f: 6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3: 58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84: f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7: 5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39: af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de: 1a:d3:32:15:7a:d7:f7:63
Цепочка CA:
Certificate: Data: Version: 3 (0x2) Serial Number: 4096 (0x1000) Signature Algorithm: sha256WithRSAEncryption Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com Validity Not Before: Jan 1 00:00:00 2018 GMT Not After : Jan 1 00:00:00 2048 GMT Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55: b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da: 98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1: 2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59: f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45: 94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8: 4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d: 47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f: 12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75: 5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43: 42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e: 07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d: 8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee: da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91: d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96: 31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99: e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52: c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09: 05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d: 17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94: 4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa: b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f: 89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b: 15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79: e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0: 73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46: 8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50: 18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9: 03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e: e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a: 50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea: 7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e: 3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8: 77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87: d2:82:6d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7 X509v3 Authority Key Identifier: keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40: 3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81: 4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29: eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81: c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01: 67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f: e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43: 73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14: e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca: 66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd: 75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62: 4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79: 6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07: ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2: 59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37: 9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d: 5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1: 5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc: c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b: 9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed: 86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6: 61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2: 2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f: 6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3: 58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84: f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7: 5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39: af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de: 1a:d3:32:15:7a:d7:f7:63
HTTP-сервер должен иметь цепочку domain
и intermediate
как цепочку сертификата на стороне сервера.
cat certs/intermediate/certs/domain.cert.pem \ certs/intermediate/certs/intermediate.cert.pem > webserver.cert.pem
Ты не документирован.