Certificate Management
Cert tools
What is a Certificate Bundle?
A certificate bundle is a single file containing a chain of X.509 certificates (such as a server certificate, intermediate CAs, and a root CA) in a specific order. Bundles are used to establish trust in SSL/TLS, S/MIME, and other secure protocols.
- Leaf/Server Certificate → Intermediate CA(s) → Root CA
- Order matters! Most systems expect leaf-to-root order.
Build Your Certificate Bundle
Drag & drop certificates here or to select files
Best Practices
- Order certificates from leaf to root unless your system requires otherwise.
- Include all intermediate CAs for maximum compatibility.
- Do not include the private key in a bundle.
- Use PEM format for most web servers and PKCS#7 for Windows/IIS.
- Verify each certificate's validity and expiry before bundling.
Troubleshooting
- If your server rejects the bundle, check the order and format.
- Use OpenSSL to inspect and verify bundles:
openssl crl2pkcs7 -nocrl -certfile bundle.pem | openssl pkcs7 -print_certs -noout - Ensure all certificates are in the correct encoding (PEM or DER).
- Check for duplicate or expired certificates.