- Specify any intermediate certificates
If your certificate is signed by a Certificate Authority, then it will typically have been signed by an intermediate certificate or two, not by the CA root certificate. As an example, the certificate chain for www.example.com looks like this:
DigiCert (the CA root)
\- DigiCert SHA2 High Assurance Server CA (an intermediate cert)
\- www.example.com (the end-entity cert)
If you have any intermediate certificates in your chain you should have them in a separate file. You can and should omit the root certificate.
The certificate chain for www.example.com result would look like this:
public certificate at the top:
followed by any intermediate certificate(s):
Again most lines have been omitted and replace with …
The last input you require is your certificate’s corresponding RSA private key in PEM format. It will look slightly different, something like this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
It is important that the private key is not password protected. Also, unlike the default for some Base64 encoding tools, the line length must be 64 characters.
In most scenarios the openssl software can help produce the required files and convert them to the appropriate format.