On Wed, Mar 20, 2024 at 06:17:48AM +0100, Niels Kobschätzki via Exim-users wrote:
> Use https://whatsmychaincert.com/, put in your certificate and get a file with a correct full chain with or without root back.

This is prone to accidental pasting of one's private keys into the
webform. A safer alternative is:

    $ openssl pkcs12 -export -chain -nokeys -passout pass:whatever \
        -in cert.pem -untrusted chain.pem |
      openssl pkcs12 -in /dev/stdin -passin pass:whatever

This will construct a PKCS#12 object with the complete chain, and then
dump that chain to stdout. The "chain.pem" file contains candidate
intermediate CAs, and "cert.pem" contains the end-entity certificate.
The system trust store will provide the trust anchor (root CA).

To save directly to a file add a final "-out fullchain.pem" (or filename
of your choice) option.

--
Viktor.
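
Added example (not part of the message above): a POSIX sh/awk check that a PEM file, such as the fullchain.pem saved by the command above, holds only certificate blocks before it is deployed, shared or pasted anywhere. The function name pem_audit and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# pem_audit FILE: print "certs=N keys=M" for the PEM blocks in FILE.
# Exit status: 0 = certificates only; 1 = a private-key block is present;
#              2 = malformed block structure or no certificate found.
# Text outside the BEGIN/END armour (for example the "Bag Attributes"
# lines that openssl pkcs12 prints) is ignored.
pem_audit() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----[ \t\r]*$/ {
            if (cur != "") bad = 1            # BEGIN inside an open block
            cur = $0
            sub(/^-----BEGIN /, "", cur); sub(/-----[ \t\r]*$/, "", cur)
            # Matches PRIVATE KEY, RSA/EC/ENCRYPTED/OPENSSH PRIVATE KEY.
            # Counted at BEGIN so a truncated key block is still caught.
            if (cur ~ /PRIVATE KEY$/) keys++
            next
        }
        /^-----END [A-Z0-9 ]+-----[ \t\r]*$/ {
            label = $0
            sub(/^-----END /, "", label); sub(/-----[ \t\r]*$/, "", label)
            if (label != cur) bad = 1         # END does not match BEGIN
            else if (label == "CERTIFICATE") certs++
            cur = ""
            next
        }
        END {
            if (cur != "") bad = 1            # file ended inside a block
            printf "certs=%d keys=%d\n", certs, keys
            if (keys > 0) exit 1
            if (bad || certs == 0) exit 2
            exit 0
        }
    ' "$1"
}

# Constructed sample: placeholder bodies, not real certificate or key data.
sample=$(mktemp)
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    '-----BEGIN PRIVATE KEY-----' 'BBBB' '-----END PRIVATE KEY-----' \
    > "$sample"
pem_audit "$sample" || echo "private key or malformed PEM: do not share"
rm -f "$sample"
```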