Multiple CA Certificates in a Single File

This section provides a tutorial example on how to store multiple root CA certificates in a single PEM file to be used by the OpenSSL module as the 'cafile' SSL context option.

Fixing the error that occurred in the previous tutorial is not very hard. Here is what I did:

1. Run Firefox 3 and go to https://www.google.com/accounts/ServiceLogin.

2. Click the Lock icon in the bottom right corner of the browser window.

3. Click the "View Certificate" button and go to the "Details" tab.

4. Select the root certificate, "Class 3 Public Primary Certification Authority", in the Certificate Hierarchy section and click the "Export..." button.

5. Save the root certificate in "CA_for_Google.crt" using the "X.509 Certificate (PEM)" format.

6. Concatenate CA_for_Google.crt to the end of CA_Bundle.crt using a text editor:

CA certificate for https://login.yahoo.com
-----BEGIN CERTIFICATE-----
MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYD
...
-----END CERTIFICATE-----

CA certificate for https://www.google.com/accounts/ServiceLogin
-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
...
-----END CERTIFICATE-----

7. Run the test script again:

herong> \local\php\php OpenSSL_HTTPS_file_get_contents_with_CA.php \
   https://www.google.com/accounts/ServiceLogin

<html>
<style type="text/css">
  <!--
  body { font-family: arial,sans-serif; background-color: #fff; ...
  td {font-family: arial, sans-serif;}
  .c { width: 4; height: 4; }
  a:link { color: #00c; }
...

The output looks good. Now I know that the 'cafile' => 'CA_Bundle.crt' SSL context option can be used for multiple HTTPS servers, with multiple CA certificates concatenated in a single file using the PEM format.
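Every certificate appended to CA_Bundle.crt becomes a trust anchor for every connection that uses the file as 'cafile', so it is worth listing what the bundle actually contains. The following script is an added example, not part of the original tutorial: make_test_ca() and list_bundle() are hypothetical helper names, the two certificates are constructed at run time when no file path is given, and it assumes the PHP OpenSSL extension can find its openssl.cnf.

```php
<?php
// Added example: list the trust anchors in a PEM bundle used as 'cafile'.

// Hypothetical helper: make a throwaway self-signed certificate (constructed data).
function make_test_ca(string $cn): string {
    $key = openssl_pkey_new(['private_key_bits' => 2048,
                             'private_key_type' => OPENSSL_KEYTYPE_RSA]);
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    $crt = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);
    openssl_x509_export($crt, $pem);
    return $pem;
}

// Hypothetical helper: split a bundle into PEM blocks and describe each one.
// Text between blocks (the "CA certificate for ..." labels) is ignored.
function list_bundle(string $bundle): array {
    preg_match_all('/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
                   $bundle, $m);
    $out = [];
    foreach ($m[0] as $i => $pem) {
        $info = openssl_x509_parse($pem);
        if ($info === false) {  // damaged block, for example a bad paste
            $out[] = ['index' => $i, 'error' => 'unparseable certificate'];
            continue;
        }
        $out[] = [
            'index'       => $i,
            'subject'     => $info['subject']['CN'] ?? $info['name'],
            'self_signed' => $info['subject'] == $info['issuer'],
            'expired'     => $info['validTo_time_t'] < time(),
            'expires'     => gmdate('Y-m-d', $info['validTo_time_t']),
            'sha256'      => openssl_x509_fingerprint($pem, 'sha256'),
        ];
    }
    return $out;
}

// Use the file named on the command line, or a constructed two-certificate bundle
// laid out like CA_Bundle.crt: a free-text label line followed by a PEM block.
$bundle = isset($argv[1])
    ? file_get_contents($argv[1])
    : "CA certificate for site one (constructed)\n" . make_test_ca('Test Root One')
      . "\nCA certificate for site two (constructed)\n" . make_test_ca('Test Root Two');

foreach (list_bundle($bundle) as $c) {
    echo json_encode($c), "\n";
}
```

Run it with the path to CA_Bundle.crt as the first argument to see one line per certificate; a block that was damaged while pasting shows up as "unparseable certificate" instead of being silently skipped.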
