On Wed, Mar 20, 2024 at 06:17:48AM +0100, Niels Kobschätzki via Exim-users wrote:
> Use https://whatsmychaincert.com/, put in your certificate and get a file > with a correct full chain with or without root back. This is prone to accidental pasting of one's private keys into the webform. A safer alternative is: $ openssl pkcs12 -export -chain -nokeys -passout pass:whatever \ -in cert.pem -untrusted chain.pem | openssl pkcs12 -in /dev/stdin -passin pass:whatever This will construct a PKCS#12 object with the complete chain, and then dump that chain to stdout. The "chain.pem" file containts candidate intermediate CAs, and "cert.pem" contains the end-entity certificate. The system trust store will provide the trust anchor (root CA). To save directly to a file add a final "-out fullchain.pem" (or filename of your choice) option. -- Viktor. -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
