Extract intermediate and Root certificate
10:59 PM
Save the CA signed certificate to a text file with a .cer extension.
For example: signed-certificate.cer. Include the Begin Certificate and
End Certificate lines when you save the file. For example:
---BEGIN CERTIFICATE---
MIIFPDCCBCSgAwIBAgIQdc/+38qo3f3bZwozWEiUVjANBgkqhkiG9w0BAQUFADCB
vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
DTE0MDcwNzAwMDAwMFoXDTE1MDcwODIzNTk1OVowejAYELMAkGA1UEBhMCVVMxEzAR
---END CERTIFICATE---
You must export the certificate from the chain; first let’s start with the Root Certificate.
b.Highlight an entry of the certificate chain.
c.Click View Certificate.
d.In the Certificate dialog window, click the Details tab.
e.Click Copy to File...
f.In the Certificate Export Wizard that appears, click Next.
g.Select Base-64 encoded X.509 (.CER), and click Next.
h.Type in a unique name for the certificate you are exporting and click Next.
For example, "VS-root-CA".
i.Click Finish.
j.Click OK in the dialog box that displays the following message: The export was successful.
k.Repeat the preceding sub steps for each intermediate certificate in the chain. Note that there is no need to repeat these steps for the bottom entry of the chain because the server’s certificate already exists.
Intermediate Certificate
2. Select the next entry in the chain, double-click the server's certificate (i.e. server.cer) file and a Certificate dialog box opens.
a) Click Certification Path tab.
b) Highlight an entry of the certificate chain.
c) Click View Certificate.
d) In the Certificate dialog window, click the Details tab.
e) Click Copy to File...
f) In the Certificate Export Wizard that appears, click Next.
g) Select Base-64 encoded X.509 (.CER), and click Next.
h) Type in a unique name for the certificate you are exporting and click Next. For example, " VS-intermediary-CA".
i) Click Finish.
j) Click OK in the dialog box that displays the following message: The export was successful.
When you are done, you will have a certificate file (.cer) for each entry of the chain. In our example, there are three certificate files:
---BEGIN CERTIFICATE---
MIIFPDCCBCSgAwIBAgIQdc/+38qo3f3bZwozWEiUVjANBgkqhkiG9w0BAQUFADCB
vDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
DTE0MDcwNzAwMDAwMFoXDTE1MDcwODIzNTk1OVowejAYELMAkGA1UEBhMCVVMxEzAR
---END CERTIFICATE---
- Double-click on the new file that you created and a Certificate dialog box opens
- Click on the Certification Path tab.
- Look at the tree-like structure representing the full certificate chain. The top of the chain is referred to as the root Certificate Authority (CA). The bottom of the chain represents your server's certificate. If your server is not listed one-level below the root CA, then your certificate was issued by an intermediary CA. However, if your server is listed one-level below the root CA, then the certificate was issued by the root CA. For example, the following screen capture shows a certificate chain where an root CA, VeriSign, issued a certificate for support.vertafore.com
You must export the certificate from the chain; first let’s start with the Root Certificate.
- Select the top of the chain, double-click the server's certificate (i.e. server.cer) file and a Certificate dialog box opens.
b.Highlight an entry of the certificate chain.
c.Click View Certificate.
d.In the Certificate dialog window, click the Details tab.
e.Click Copy to File...
f.In the Certificate Export Wizard that appears, click Next.
g.Select Base-64 encoded X.509 (.CER), and click Next.
h.Type in a unique name for the certificate you are exporting and click Next.
For example, "VS-root-CA".
i.Click Finish.
j.Click OK in the dialog box that displays the following message: The export was successful.
k.Repeat the preceding sub steps for each intermediate certificate in the chain. Note that there is no need to repeat these steps for the bottom entry of the chain because the server’s certificate already exists.
Intermediate Certificate
2. Select the next entry in the chain, double-click the server's certificate (i.e. server.cer) file and a Certificate dialog box opens.
a) Click Certification Path tab.
b) Highlight an entry of the certificate chain.
c) Click View Certificate.
d) In the Certificate dialog window, click the Details tab.
e) Click Copy to File...
f) In the Certificate Export Wizard that appears, click Next.
g) Select Base-64 encoded X.509 (.CER), and click Next.
h) Type in a unique name for the certificate you are exporting and click Next. For example, " VS-intermediary-CA".
i) Click Finish.
j) Click OK in the dialog box that displays the following message: The export was successful.
When you are done, you will have a certificate file (.cer) for each entry of the chain. In our example, there are three certificate files:
| Certificate type | Name | Certificate file name |
| Root | VeriSign | VS-root-CA.cer |
| Intermediary | VeriSign Class 3 International Server CA – G3 | VS-intermediary-CA.cer |
| Server | support.vertafore.com | Support_vertafore.cer |
0 comments