SSL Server Certs for client servers

We get our SSL certs from startcom via a level2 personal validation.

Certs cover:

servername.country.afternet.org
*.afternet.org
afternet.org (built in by startcom)

Then you decrypt the key:

openssl rsa -in ssl.key -out ssl.key

Startcom sends you a zip with other zips in it. We want ApacheServer.zip, extract the 2 files from it and then do this:

cat server.key 2_server.crt 1_root_bundle.crt > ircd.pem

Lessons Learned

  • gnutls defaults to accepting only 16 intermediary certs, and the startcom intermediary bundle has 18, so it breaks. We really only need the one class2 sub cert, so we switched to that.
  • The ca cert is not needed and causes a warning (self signed certificate in chain) in some cases, so removed that.