ldm

localhost.daplie.me-certificates

HTTPS / TLS certs for localhost.daplie.me to be used in testing and development.

Showing:

Popularity

Downloads/wk

62

Maintenance

No Maintenance Data Available

Package

Dependencies

0

Size (min+gzip)

0.7KB

License

Apache-2.0

Type Definitions

Tree-Shakeable

No?

Categories

Deprecated!
this package has been deprecated

Readme

About Daplie: We're taking back the Internet!

Down with Google, Apple, and Facebook!

We're re-decentralizing the web and making it read-write again - one home cloud system at a time.

Tired of serving the Empire? Come join the Rebel Alliance:

jobs@daplie.com | Invest in Daplie on Wefunder | Pre-order Cloud, The World's First Home Server for Everyone

HTTPS certs for localhost development

HTTPS certificates for localhost.daplie.me and similar domains, free for anyone to use in testing and development.

Includes:

  • localhost.daplie.me
  • localhost.foo.daplie.me
  • localhost.bar.daplie.me
  • localhost.baz.daplie.me
  • localhost.alpha.daplie.me
  • localhost.beta.daplie.me
  • localhost.gamma.daplie.me

Use with any webserver

git clone https://git.daplie.com/Daplie/localhost.daplie.me-certificates.git

The relevant fullchain.pem and privkey.pem are probably all you need to plug into the configuration of your webserver.

localhost.daplie.me-certificates/certs
├── localhost.daplie.me
│   ├── cert.pem
│   ├── chain.pem
│   ├── fullchain.pem
│   └── privkey.pem
├── www.localhost.daplie.me
├── api.localhost.daplie.me
├── assets.localhost.daplie.me
├── cloud.localhost.daplie.me
├── api.cloud.localhost.daplie.me

├── foo.localhost.daplie.me
├── bar.localhost.daplie.me
├── baz.localhost.daplie.me

├── alpha.localhost.daplie.me
├── beta.localhost.daplie.me
├── gamma.localhost.daplie.me

├── localhost.foo.daplie.me
├── localhost.bar.daplie.me
├── localhost.baz.daplie.me

├── localhost.alpha.daplie.me
├── localhost.beta.daplie.me
└── localhost.gamma.daplie.me

node.js

// use our defaults with SNICallback already enabled for these domains
var httpsOptions = require('localhost.daplie.me-certificates').merge({});
// or create you own
var tlsContexts = require('localhost.daplie.me-certificates').getAllTlsContexts({});
var httpsOptions = {
  key: tlsContexts['localhost.daplie.me'].key
, cert: tlsContexts['localhost.daplie.me'].cert
, httpsOptions.SNICallback = function (servername, cb) {
    if (tlsContexts[servername]) {
      cb(null, tlsContexts[servername]);
      return;
    }
    cb(null, tlsContexts['localhost.daplie.me']);
  }
};

For the sake of keywords: most people (including myself) think of these as "SSL certificates" but they are, in fact, signed RSA keypairs used for TLS encryption.

Install

# for use with any webserver
git clone https://git.daplie.com/Daplie/localhost.daplie.me-certificates.git ./certs

# as a node.js library
npm install --save localhost.daplie.me-certificates

# a quick and easy https server
npm install -g serve-https
├── privkey.pem           # private key in PEM format
├── cert.pem              # site certificate only
├── chain.pem             # intermetiate certificate only
└── fullchain.pem         # cert.pem + chain.pem

Usage

QuickStart

With bash

# serve https://localhost.daplie.me from current directory
serve-https

# serve from another directory and with an express app
serve-https -d /path/to/public/ --express-app /path/to/app.js

With https

var https = require('https');
var httpsOptions = require('localhost.daplie.me-certificates').merge({});
var server = https.createServer(httpsOptions, function (req, res) {
  res.end("Hello, World!");
});

server.listen(443, function () {
  console.log("Ready and listening at");
  console.log("https://localhost.daplie.me:443/");
});

Or with tls.createSecureContext:

var tls = require('tls');
var httpsOptions = require('localhost.daplie.me-certificates').mergeTlsOptions('localhost.daplie.me', {});
var tlsContext = tls.createSecureContext(httpsOptions);

API

  • merge(opts) will merge our defaults into your opts object (preferring options you have set)
  • create(opts) will create a new object with our defaults and your opts (preferring your options if both are set)
  • mergeTlsOptions(servername, opts) will merge keys for the specified servername into your opts object
  • getAllTlsContexts(opts) will get or create cache of contexts for all available *.daplie.me testing domains
  • getTlsContext(servername, opts) will get or create cache for specified <servername>.daplie.me testing domain

Our defaults:

{
  key: '<<privkey.pem>>'
, cert: '<<cert.pem + chain.pem>>'            // for localhost.daplie.me
, ca: undefined
, crl: undefined
, requestCert: false
, rejectUnauthorized: true
, SNICallback: function (domainname, cb) {
    cb(null, secureContext);
  }
  , NPNProtocols: ['http/1.1']
}

Public Suffix List

Note that daplie.me has been included in the Public Suffix List and that localhost.daplie.me has been submitted

This means that security policies around Cookies, LocalStorage, etc will treat daplie.me as if it were a tld (foo.daplie.me has the same security policy as foo.com) and that localhost.daplie.me will also be treated as a tld, if included.

Your Own Localhost Certs

Install the tools

npm install -g daplie-tools
npm install -g serve-https

Register a domain

daplie domains:search

Set the domain to localhost

# for example: if you registered foo.daplie.me and wanted to use localhost.foo.daplie.me
daplie domains:attach -n localhost.foo.daplie.me -d localhost

Start a greenlock / letsencrypt / ACME enabled server

serve-https -d /tmp --email john.doe@example.com --agree-tos --servername localhost.foo.daplie.me

Test the domain

curl https://localhost.foo.daplie.me:8443

The certificates will be available in the letsencrypt directory

~/letsencrypt/etc/live/localhost.daplie.me/
├── cert.pem
├── chain.pem
├── fullchain.pem
└── privkey.pem

Sometimes the very first time you try you get a SERVFAIL for the dns-01 challenge. If that happens it's probably just a DNS caching issue. Wait about 5 minutes (600 seconds) and try again.

Manual Setup

If you've done this kind of thing before:

git clone https://git.daplie.com/Daplie/localhost.daplie.me-certificates.git ./certs

Misnomer Alert: Most webservers and software call for a keypair consisting of server.crt and server.key. In most cases these actually correspond to fullchain.pem (crt) and privkey.pem (key).

https://localhost.daplie.me is an alias for https://localhost or https://127.0.0.1.

The benefit of using this certificate for localhost development is that you will have the exact same security policies and APIs available in development as you would have in production.

Let's Encrypt Certificate Conventions

The certificates are named according to the Let's Encrypt conventions:

  • privkey.pem - the server private key
  • cert.pem - includes the bare server certficate only
  • chain.pem - includes intermediate certificates only
  • fullchain.pem - includes cert.pem and chain.pem
  • root.pem - (proposed) includes any Root CAs

This convention is still subject to change. See https://github.com/letsencrypt/letsencrypt/issues/608 and https://groups.google.com/a/letsencrypt.org/forum/#!topic/client-dev/jE5uK4lPx5g to follow the conversation.

Screencast + Article

screencast thumbnail

Create a CSR in PEM format for your HTTPS cert

Examine HTTPS Certs with OpenSSL in Terminal

Examples

node.js

Quick and Dirty:

npm install --save-dev localhost.daplie.me-certificates
'use strict';

var https = require('https');
var server = https.createServer(require('localhost.daplie.me-certificates').create());
var port = process.argv[2] || 8443;

server.on('request', function (req, res) {
  res.end('[' + req.method + ']' + ' ' + req.url);
});
server.listen(port, function () {
  console.log('Listening', server.address());
});

https://localhost.daplie.me:8443/

DIY

Instead of simply requiring localhost.daplie.me-certificates you will clone the certs yourself and provide the options object.

git clone https://git.daplie.com/Daplie/localhost.daplie.me-certificates.git ./certs
var fs = require('fs');
var path = require('path');
var certsPath = path.join(__dirname, 'certs');

//
// SSL Certificates
//
var options = {
  key: fs.readFileSync(path.join(certsPath, 'privkey.pem'), 'ascii')
, cert: fs.readFileSync(path.join(certsPath, 'fullchain.pem'), 'ascii')
/*
  // only for verification
, ca: [
    fs.readFileSync(path.join(certsPath, 'root.pem'))
  ]
, requestCert: true
*/
, rejectUnauthorized: true
, SNICallback: function (domainname, cb) {
    // normally we would check the domainname choose the correct certificate,
    // but for this demo we'll always use this one (the default) instead
    cb(null, require('tls').createSecureContext(options));
  }
, NPNProtcols: ['http/1.1']
};

var server = https.createServer(options);

Caddy

  • TODO

How this was created

I created a directory ~/Code/localhost.daplie.me-certificates (this repository, actually) and ran the following commands from that directory:

01 Create a Private Key

01-create-key.sh:

mkdir -p certs/server
openssl genrsa \
  -out certs/server/privkey.pem \
  2048

02 Create a Certificate Signing Request (CSR)

02-create-csr.sh:

mkdir -p certs/tmp
openssl req -new \
  -sha256 \
  -key certs/server/privkey.pem \
  -out certs/tmp/csr.pem \
  -subj "/C=US/ST=Utah/L=Provo/O=Daplie Inc/CN=localhost.daplie.me"

03 Copy and Paste the CSR to name.com's console

cat certs/tmp/csr.pem:

-----BEGIN CERTIFICATE REQUEST-----
MIICpTCCAY0CAQAwYDELMAkGA1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxDjAMBgNV
BAcTBVByb3ZvMRMwEQYDVQQKEwpEYXBsaWUgSW5jMR0wGwYDVQQDExRsb2NhbGhv
c3QuZGFwbGllLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ3j
1nY+5bJf2oWVRGCrwTQ7Mw/qzMMu62RgGZawN2d6QTDSYBSCZdyuEpwOiDy6AO9x
Wqo6WJx7yu6Yv04syZEbc5tLMtX77YROAF7GkRrBIkqPtSkKnDYQm0wW9I9escgy
GQ3itSSHU/Oijv6Lj8xUigM+WM+DE860U1K0QID/eQPYOWQhj/A6WQXxPWWDsDxD
3ZpVeLIgeZe5usd1PhuGvhhFvK+W0QHZ4D7PgsvKrP6Qwoc3VNiEwlQa6v8L8t7e
w2uEXa96o4J08GiZPClbAng8+Y3SSp5PQ3cPUIlWu3hSPxb03t8+yC5gB6Gzl7To
wJwBPcOXUSo00QnD96UCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCP04HRbk1x
i9ESsClWoClyG8VZCPGcG2KooQ2tqKaCBRGG9hNz1vm1SzUyclKz1CMZgI5i+b02
h/zeJRHkQ9ztT07oRUmKK1/tDt88J3AH3wIcnMEyzT3kHRuJbrZ81hEz417tePhs
v4/NziQc8Xv8WJP6sjcg72L5jlV0qrc3BYkdOqgjIOMOJoo7pNCbmh0xCvW5FURc
uG1AUaFPaDcOshT3YOlH9MP5/SoYl5X8y1SJVbNDOrQzJo8Erw1HoxOX4tRTd3F+
BalBlrLZQMvgtOkMNErebgARAz6xlfzXpOf7G0AkvllHJAnzTmSalzR5hDWdfcbq
mnxzBDw4+wI+
-----END CERTIFICATE REQUEST-----

04 Follow Validation Procedure

I bought the domain on name.com so I could have used the automatic validation process, but since I have my GLUE records and DNS management for the daplie.com DNS elsewhere and I didn't want to go through the hassle of the validation records, I used the registered admin email address (which I happened to already have setup through mailgun).

This is the email I got:

ORDER APPROVAL

Dear Domain Administrator,

You are receiving this email because you are the Domain Administrator for localhost.daplie.me and the person identified below has requested a RapidSSL certificate for:

localhost.daplie.me


Applicant Information:
     Name:   AJ ONeal
     Email:  coolaj86@gmail.com
     Phone:  +1.3175556525

AJ ONeal requests that you come to the URL below to review and approve this certificate request:

     https://products.geotrust.com/orders/A.do?p=Ac8lMXMpxHsbZVlWJwBcF

Please follow the above link and click either the I APPROVE or I DO NOT APPROVE button.

When you click I APPROVE the certificate will be issued and emailed to the Applicant, Approver, and Technical contacts.

If you click I DO NOT APPROVE the certificate application will be cancelled.

Thanks,

RapidSSL Customer Support
http://www.rapidssl.com/support
Hours of Operation: Mon - Fri 09:00 - 17:00 (EST)
Email:     orderprocessing@rapidssl.com
Live Chat: https://knowledge.rapidssl.com/support/ssl-certificate-support/index.html

And once I clicked the link, this was the confirmation email I got back:

Dear AJ ONeal,

Congratulations! RapidSSL has approved your request for a RapidSSL certificate. Your certificate is included at the end of this email.

INSTALLATION INSTRUCTIONS

1. INSTALL CERTIFICATE:
Install the X.509 version of your certificate included at the end of this e-mail.
For installation instructions for your SSL Certificate, go to:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO16226

2. INTERMEDIATE CERTIFICATE ADVISORY:
You MUST install the RapidSSL intermediate Certificate on your server together with your Certificate or it may not operate correctly.

** MICROSOFT IIS and TOMCAT USERS
Microsoft and Tomcat users are advised to download a PKCS #7 formatted certificate from the GeoTrust User Portal:
https://products.geotrust.com/orders/orderinformation/authentication.do. PKCS #7 is the default format used by these vendors during installation and includes the intermediate CA certificate.

You can get your RapidSSL Intermediate Certificates at:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548

3. CHECK INSTALLATION:
Ensure you have installed your certificate correctly at:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1549

4. INSTALL THE RAPIDSSL SITE SEAL:
Additionally, as part of your SSL Certificate Service, you are entitled to display the RapidSSL Site Seal - recognized across the Internet and around the world as a symbol of authenticity, security, and trust - to build consumer confidence in your Web site.

Installation instructions for the RapidSSL Site Seal can be found on the following link:
https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO14424&actp=LIST&viewlocale=en_US

If you require additional technical support please contact Name.com.

Web Server CERTIFICATE
-----------------

-----BEGIN CERTIFICATE-----
MIIEqzCCA5OgAwIBAgIDBPiXMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTA2MDkwOTI3NDJaFw0xNjA2MTEyMDA4MDdaMIGYMRMw
EQYDVQQLEwpHVDcyMjM4NTY5MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEdMBsGA1UEAxMUbG9jYWxob3N0LmRhcGxp
ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCd49Z2PuWyX9qF
lURgq8E0OzMP6szDLutkYBmWsDdnekEw0mAUgmXcrhKcDog8ugDvcVqqOlice8ru
mL9OLMmRG3ObSzLV++2ETgBexpEawSJKj7UpCpw2EJtMFvSPXrHIMhkN4rUkh1Pz
oo7+i4/MVIoDPljPgxPOtFNStECA/3kD2DlkIY/wOlkF8T1lg7A8Q92aVXiyIHmX
ubrHdT4bhr4YRbyvltEB2eA+z4LLyqz+kMKHN1TYhMJUGur/C/Le3sNrhF2veqOC
dPBomTwpWwJ4PPmN0kqeT0N3D1CJVrt4Uj8W9N7fPsguYAehs5e06MCcAT3Dl1Eq
NNEJw/elAgMBAAGjggFMMIIBSDAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz
4gjLWTBXBggrBgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ndi5zeW1j
ZC5jb20wJgYIKwYBBQUHMAKGGmh0dHA6Ly9ndi5zeW1jYi5jb20vZ3YuY3J0MA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYD
VR0RBBgwFoIUbG9jYWxob3N0LmRhcGxpZS5jb20wKwYDVR0fBCQwIjAgoB6gHIYa
aHR0cDovL2d2LnN5bWNiLmNvbS9ndi5jcmwwDAYDVR0TAQH/BAIwADBBBgNVHSAE
OjA4MDYGBmeBDAECATAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy5yYXBpZHNz
bC5jb20vbGVnYWwwDQYJKoZIhvcNAQELBQADggEBAGlPWTo4Z7oS6E5QPVhFr0kH
wdyGqFD3u93Nxa9L2Hfs2UrpJhhrliux/C9mxgk1O1bgVGhVvQNhiTUBSkJaIMCQ
aG5cQPBLV5u+vK+YFJHK8F+C0/vKU/xcEp4Ae1JNkIoXnfdPbGGbIS82HYp2uveD
dtv5/hqIdLfT6TRFZ7IbhCvTR0iYzPRsOB68PSWKHyVcolK2EHIHdo7Zjs/0tEF5
+4g/NKqX7zAMtMwQ9puPxm6M4BDnJjfiicH+4SeaRG72qpV56mHAeEOeIB4WQ61d
QyTmfubJfT/S1IBFfwqLln/Kf3PGyOvoOYocFpkfHvzFrviqljDDIyfVWx7hQpE=
-----END CERTIFICATE-----

05 Create Files from the provided Certificate (and intermediates)

Domain Name

localhost.daplie.me

Server Certificate

cert.pem:

-----BEGIN CERTIFICATE-----
MIIFajCCBFKgAwIBAgIQdsKX6kswrkbK7NZ/kc31vTANBgkqhkiG9w0BAQsFADBC
MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMS
UmFwaWRTU0wgU0hBMjU2IENBMB4XDTE2MDYxMDAwMDAwMFoXDTE3MDcxMDIzNTk1
OVowHzEdMBsGA1UEAwwUbG9jYWxob3N0LmRhcGxpZS5jb20wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQCd49Z2PuWyX9qFlURgq8E0OzMP6szDLutkYBmW
sDdnekEw0mAUgmXcrhKcDog8ugDvcVqqOlice8rumL9OLMmRG3ObSzLV++2ETgBe
xpEawSJKj7UpCpw2EJtMFvSPXrHIMhkN4rUkh1Pzoo7+i4/MVIoDPljPgxPOtFNS
tECA/3kD2DlkIY/wOlkF8T1lg7A8Q92aVXiyIHmXubrHdT4bhr4YRbyvltEB2eA+
z4LLyqz+kMKHN1TYhMJUGur/C/Le3sNrhF2veqOCdPBomTwpWwJ4PPmN0kqeT0N3
D1CJVrt4Uj8W9N7fPsguYAehs5e06MCcAT3Dl1EqNNEJw/elAgMBAAGjggJ9MIIC
eTAfBgNVHREEGDAWghRsb2NhbGhvc3QuZGFwbGllLmNvbTAJBgNVHRMEAjAAMCsG
A1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9ncC5zeW1jYi5jb20vZ3AuY3JsMG8GA1Ud
IARoMGYwZAYGZ4EMAQIBMFowKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3LnJhcGlk
c3NsLmNvbS9sZWdhbDAsBggrBgEFBQcCAjAgDB5odHRwczovL3d3dy5yYXBpZHNz
bC5jb20vbGVnYWwwHwYDVR0jBBgwFoAUl8InUJ7CyewMiDLIfK3ipgFP2m8wDgYD
VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggr
BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ncC5zeW1jZC5jb20wJgYI
KwYBBQUHMAKGGmh0dHA6Ly9ncC5zeW1jYi5jb20vZ3AuY3J0MIIBAgYKKwYBBAHW
eQIEAgSB8wSB8ADuAHYA3esdK3oNT6Ygi4GtgWhwfi6OnQHVXIiNPRHEzbbsvswA
AAFVOonOzQAABAMARzBFAiEAzh4K7ZOSGCCFFvzAvrfl+o5AKcnmV7NHPgQZe3x4
hZgCIH/M2LZI1OSdkQbF2wgD/xH4PvQ4i8TTOdGB0WAYVr1eAHQApLkJkLQYWBSH
uxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFVOonO8gAABAMARTBDAh84cfLQthSR
Pe6hFgL8TPSuCUxIFBcEbnIPNB7ZxQwYAiBTClbmIn81bBkwAjasJu2u+UdxGE0i
Wx5lFe5X9pqsUTANBgkqhkiG9w0BAQsFAAOCAQEAAWYuT/fTBZdXb4kwoVaUnc82
2CEnGuOHr9QMdGRMqWJRe068StADdw1u3V6bcB7+mBiGl8C+WOLhv9WxYKqNFvyj
Eeaeekb4GqfrfuxNvoOU/vHdYaww2J9N1ESgIV4BdFF8aNgOnjpRcKSMsMgzNJdU
lh6l7jhnTeNYCyMnn+2dVQBcRQvptKmpkS4sK6NAVSMWDioImEoGj0PCdLqG8k21
d3vNddCEQmcNUTHs38nswUKZxfQKpjo+z9jBFmurmaNqSFnd8ySmBELZjXEOXEQz
KBlUSDj3UYVmH49t0toGyHVfKHPCBLyUZhvUTy0tNVgn9Nc+/MXJnv+c5rxVeQ==
-----END CERTIFICATE-----

CA Certificates

INTERMEDIATE

intermediate.crt.pem:

-----BEGIN CERTIFICATE-----
MIIETTCCAzWgAwIBAgIDAjpxMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMTMxMjExMjM0
NTUxWhcNMjIwNTIwMjM0NTUxWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
LjEbMBkGA1UEAxMSUmFwaWRTU0wgU0hBMjU2IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAu1jBEgEul9h9GKrIwuWF4hdsYC7JjTEFORoGmFbdVNcRjFlbPbFUrkshhTIWX1SG5tmx
2GCJa1i+ctqgAEJ2sSdZTM3jutRc2aZ/uyt11UZEvexAXFm33Vmf8Wr3BvzWLxmKlRK6msrVMNI4
/Bk7WxU7NtBDTdFlodSLwWBBs9ZwF8w5wJwMoD23ESJOztmpetIqYpygC04q18NhWoXdXBC5VD0t
A/hJ8LySt7ecMcfpuKqCCwW5Mc0IW7siC/acjopVHHZDdvDibvDfqCl158ikh4tq8bsIyTYYZe5Q
Q7hdctUoOeFTPiUs2itP3YqeUFDgb5rE1RkmiQF1cwmbOwIDAQABo4IBSjCCAUYwHwYDVR0jBBgw
FoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4wHQYDVR0OBBYEFJfCJ1CewsnsDIgyyHyt4qYBT9pvMBIG
A1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgEGMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6
Ly9nMS5zeW1jYi5jb20vY3Jscy9ndGdsb2JhbC5jcmwwLwYIKwYBBQUHAQEEIzAhMB8GCCsGAQUF
BzABhhNodHRwOi8vZzIuc3ltY2IuY29tMEwGA1UdIARFMEMwQQYKYIZIAYb4RQEHNjAzMDEGCCsG
AQUFBwIBFiVodHRwOi8vd3d3Lmdlb3RydXN0LmNvbS9yZXNvdXJjZXMvY3BzMCkGA1UdEQQiMCCk
HjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTU2OTANBgkqhkiG9w0BAQsFAAOCAQEANevhiyBW
lLp6vXmp9uP+bji0MsGj21hWID59xzqxZ2nVeRQb9vrsYPJ5zQoMYIp0TKOTKqDwUX/N6fmS/Zar
RfViPT9gRlATPSATGC6URq7VIf5Dockj/lPEvxrYrDrK3maXI67T30pNcx9vMaJRBBZqAOv5jUOB
8FChH6bKOvMoPF9RrNcKRXdLDlJiG9g4UaCSLT+Qbsh+QJ8gRhVd4FB84XavXu0R0y8TubglpK9Y
Ca81tGJUheNI3rzSkHp6pIQNo0LyUcDUrVNlXWz4Px8G8k/Ll6BKWcZ40egDuYVtLLrhX7atKz4l
ecWLVtXjCYDqwSfC2Q7sRwrp0Mr82A==
-----END CERTIFICATE-----

ROOT

root.crt.pem:

-----BEGIN CERTIFICATE-----
MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-----END CERTIFICATE-----

06 Bundle the certificates (for Caddy et al)

cat server/privkey.pem > privkey.pem

cat server/cert.pem > cert.pem

cat ca/intermediate.crt.pem > chain.pem

cat server/cert.pem ca/intermediate.crt.pem > fullchain.pem

cat server/ca.crt.pem > root.pem

Note: The order may be important. It should be from least to greatest authority as seen above.

Rate & Review

Great Documentation0
Easy to Use0
Performant0
Highly Customizable0
Bleeding Edge0
Responsive Maintainers0
Poor Documentation0
Hard to Use0
Slow0
Buggy0
Abandoned0
Unwelcoming Community0
100