知識庫

什麼是 CA bundle?

CA bundle is a file that contains root and intermediate certificates. The end-entity certificate along with a CA bundle constitutes the certificate chain.

The chain is required to improve compatibility of the certificates with web browsers and other kind of clients so that browsers recognize your certificate and no security warnings appear.

Comodo may send you a complete CA bundle in a zip file with a *.ca-bundle extension or root and intermediate certificates separately.

In case you have received the intermediate and root certificates as separate files, you should combine them into a single one to have a complete CA_bundle. But since the certificates in the CA bundle should be in a particular order, it could be not clear what the correct sequence of root and intermediate certificates is.

For example, you have received Comodo’s PositiveSSL in zip. There could be three files: yourdomain.crt, COMODORSADomainValidationSecureServerCA.crt, COMODORSAAddTrustCA.crt and AddTrustExternalCARoot.crt. While, obviously, yourdomain.crt is a public certificate issued for your domain name, it could be not clear how to create a correct CA bundle for it with the other two files.