I was recently enabling SSL on a web application which required the certificate file to be provided as a concatenated certificate container file containing all SSL certificates in the chain.
The method to perform the above is relatively simple and just requires each certificate to the chain to be opened in a text editor and the content to be combined into a single file.
Whilst relatively simple, I decided to use Windows PowerShell and create an advanced function to achieve the above.
Firstly, we need to specify the certificate files to combine to a container file and the in correct order of the certificate path. For Example, if you were to open the SSL certificate and view the certification path the order of the certificate files you specify should be in ascending order. Also, optionally you require to specify the private key in some scenarios in this case this should be the first certificate file specified. By default, the container file is created in the location of the users profile in PEM format but you may specify an alternative location and/or file extension.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CmdletBinding()] | |
| Param( | |
| [Parameter(Mandatory=$true)][ValidateScript({Get-Item $_})][String[]] $Certificates, | |
| [String] $Output = ([Environment]::GetEnvironmentVariable("UserProfile")) + "\container_file.pem" | |
| ) |
Once we have a list of certificates to combine to a container file in the correct order to retrieve (Get-Content) the content of each certificate file and add the content (Add-Content) to the container file. When I reference the content of a certificate file we are retrieving the body of each file including the begin and end tags as below.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Process | |
| { | |
| Try | |
| { | |
| # Retrieves and adds the content of each certificate from the specified location to a concatenated certificate container file. | |
| ForEach ($Certificate in $Certificates) | |
| { | |
| Get-Content $Certificate | Add-Content $Output | |
| } | |
| } # Try | |
| Catch | |
| { | |
| Write-Host ("The creation of the concatenated certificate container file failed with the following exception message: " + $Error[0].Exception.Message) -ForegroundColor Red | |
| Break | |
| } # Catch | |
| } # Process |
Once the content of each certificate file has been retrieved and the content has been added to the container file this will create a file in the location specified or by default in the location of the users profile folder in PEM format.
Below is an example of the invoking the function and the output generated with the verbose message stream enabled.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ConvertTo-CertificateContainer -Certificates "C:\Certificates\SSL.crt", "C:\Certificates\IntermediateCA.crt", "C:\Certificates\RootCA.crt" -Output C:\Certificates\chain.pem -Verbose |
The advanced function is available from here.
Deans Blog 