Intermediate SSL Certificates

Apache allows setting the intermediate SSL certificate using the SSLCertificateChainFile directive but nginx serves certificates configurable using only the keys:

        ssl_certificate /etc/nginx/ssl/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/private.key;

in order to create the certificate, the individual certificates:

  1. the site certificate
  2. the intermediate certificate
  3. the root certificate

have to be concatenated, in that order to a separate file chain.pem:

cat site.crt intermediate.crt root.crt > chain.pem

that will then be referenced in the nginx configuration file:

        ssl_certificate /etc/nginx/ssl/chain.pem;
        ssl_certificate_key /etc/nginx/ssl/private.key;

Note that some certificates do not include newlines at the end of the file such that you may have to edit the certificate manually such that all blocks follow each other:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----