Generally, the certificate file we get will contain the following four files:
XXXX.crt
XXXX.key
DigiCertCA.crt
TrustedRoot.crt
And what we configure on nginx are generally *.pem files and *.key files. We can use the key file directly; while the *.pem file generally requires us to synthesize it.
I am using openssl and I will introduce my synthesis method below.
1. First, combine the public key, CA certificate, and ROOT certificate into a crt file, which can be processed with this tool https://defense.yunaq.com/tools/certificate_composing/
2. Then generate a certificate chain, use the XXX.key file and XXX.crt file to generate a temporary file, the command is as follows
openssl pkcs12 -export -out XXX.pfx -inkey XXX.key -in XXX.crt
XXX.key is the key file
XXX.crt is a crt file
XXX.pfx is the generated temporary file
After execution, it is found that there is an extra XXX.pfx in the current directory
3. Then use the generated temporary file to synthesize the pem file
openssl pkcs12 -in XXX.pfx -nodes -out XXX.pem
4. Configure the generated XXX.pem and original XXX.key to nginx
5. Log in to the website to verify whether the expiration time of the domain name has been updated
There is no problem in the production environment test, please feel free to use it, remember to like it