Sslmerge - Tool To Help You Build A Valid SSL Certificate Chain From The Root Certificate To The End-User Certificate

Is an open source tool to help you build a valid SSL certificate chain from the root certificate to the end-user certificate. Also can help you fix the incomplete certificate chain and download all missing CA certificates.

How To Use
It's simple:

# Clone this repository
git clone https://github.com/trimstray/sslmerge

# Go into the repository
cd sslmerge

# Install
./setup.sh install

# Run the app
sslmerge -i /data/certs -o /data/certs/chain.crt

• symlink to bin/sslmerge is placed in /usr/local/bin
• man page is placed in /usr/local/man/man8

Parameters
Provides the following options:

  Usage:
    sslmerge <option|long-option>

  Examples:
    sslmerge --in Root.crt --in Intermediate1.crt --in Server.crt --out bundle_chain_certs.crt
    sslmerge --in /tmp/certs --out bundle_chain_certs.crt --with-root
    sslmerge -i Server.crt -o bundle_chain_certs.crt

  Options:
        --help        show this message
        --debug       displays information on the screen (debug mode)
    -i, --in          add certificates to merge (certificate file, multiple files or directory with ssl certificates)
    -o, --out         saves the result (chain) to file
        --with-root   add root certificate to the certificate chain

How it works
Let's start with ssllabs certificate chain. They are delivered together with the sslmerge and can be found in the example/ssllabs.com directory which additionally contains the all directory (containing all the certificates needed to assemble the chain) and the server_certificate directory (containing only the server certificate).
The correct chain for the ssllabs.com domain (the result of the openssl command):

Certificate chain
 0 s:/C=US/ST=California/L=Redwood City/O=Qualys, Inc./CN=ssllabs.com
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
 1 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1K
   i:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
 2 s:/C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority

The above code presents a full chain consisting of:

• Identity Certificate (Server Certificate)
  issued for ssllabs.com by Entrust Certification Authority - L1K
  
• Intermediate Certificate
  issued for Entrust Certification Authority - L1K by Entrust Root Certification Authority - G2
  
• Intermediate Certificate
  issued for Entrust Root Certification Authority - G2 by Entrust Root Certification Authority
  
• Root Certificate (Self-Signed Certificate)
  issued for Entrust Root Certification Authority by Entrust Root Certification Authority
  

Scenario 1
In this scenario, we will chain all delivered certificates. Example of running the tool:

Scenario 2
In this scenario, we only use the server certificate and use it to retrieve the remaining required certificates. Then, as above, we will combine all the provided certificates. Example of running the tool:

Certificate chain
In order to create a valid chain, you must provide the tool with all the necessary certificates. It will be:

• Server Certificate
• Intermediate CAs and Root CAs

This is very important because without it you will not be able to determine the beginning and end of the chain.
However, if you look inside the generated chain after generating with sslmerge, you will not find the root certificate there. Why?
Because self-signed root certificates need not/should not be included in web server configuration. They serve no purpose (clients will always ignore them) and they incur a slight performance (latency) penalty because they increase the size of the SSL handshake.
If you want to add a root certificate to the certificate chain, call the utility with the --with-root parameter.

Certification Paths
Sslmerge allows use of two certification paths:

Output comments
When generating the chain of certificates, sslmerge displays comments with information about certificates, including any errors.
Here is a list of all possibilities:

not found identity (end-user, server) certificate
The message is displayed in the absence of a server certificate that is the beginning of the chain. This is a unique case because in this situation the sslmerge ends its operation displaying only this information. The server certificate is the only certificate required to correctly create a chain. Without this certificate, the correct chain will not be created.

found correct identity (end-user, server) certificate
The reverse situation here - message displayed when a valid server certificate is found.

not found first intermediate certificate
This message appears when the first of the two intermediate certificates is not found. This information does not explicitly specify the absence of a second intermediate certificate and on the other hand it allows to determine whether the intermediate certificate to which the server certificate was signed exists. Additionally, it can be displayed if the second intermediate certificate has been delivered.

not found second intermediate certificate
Similar to the above, however, it concerns the second intermediate certificate. However, it is possible to create the chain correctly using the second certification path, e.g. using the first intermediate certificate and replacing the second with the main certificate.

one or more intermediate certificate not found
This message means that one or all of the required intermediate certificates are missing and displayed in the absence of the root certificate.

found 'n' correct intermediate certificate(s)
This message indicates the number of valid intermediate certificates.

not found correct root certificate
The lack of the root certificate is treated as a warning. Of course, when configuring certificates on the server side, it is not recommended to attach a root certificate, but if you create it with the sslmerge, it treats the chain as incomplete displaying information about the incorrect creation of the chain.

an empty CN field was found in one of the certificates
This message does not inform about the error and about the lack of the CN field what can happen with some certificates (look at example/google.com). Common Name field identifies the host name associated with the certificate. There is no requirement in RFC3280 for an Issuer DN to have a CN. Most CAs do include a CN in the Issuer DN, but some don't, such as this Equifax CA.

Requirements
Sslmerge uses external utilities to be installed before running:

• openssl

Other

Contributing
See this.

Project architecture
See this.

Download Sslmerge

More information

1. Hacker Tool Kit
2. Ethical Hacker Tools
3. Hacker Tools Hardware
4. Hack Tools Pc
5. Pentest Tools Kali Linux
6. Pentest Tools Port Scanner
7. Hacker Tools 2019
8. Hacker Tools List
9. Hack Tools Github
10. Easy Hack Tools
11. Pentest Tools Android
12. Pentest Tools Github
13. Hacking Tools
14. Hacker Tools Windows
15. Hacker Tools Hardware
16. New Hack Tools
17. Hack Tools For Ubuntu
18. New Hacker Tools
19. Easy Hack Tools
20. Hacker Tools List
21. Hack Tools
22. Hacker Tools 2020
23. Pentest Tools Website
24. What Is Hacking Tools
25. Pentest Tools For Windows
26. Hack Tools Mac
27. Android Hack Tools Github
28. Hackrf Tools
29. Bluetooth Hacking Tools Kali
30. Pentest Recon Tools
31. Hack Tools
32. Nsa Hack Tools Download
33. Hacker Tools Windows
34. Hacker Tools Free
35. Pentest Tools Online
36. Hack Tools Online
37. Hacking Tools For Windows 7
38. Computer Hacker
39. Hacking Tools 2019
40. Tools For Hacker
41. Hack Tools For Pc
42. Pentest Tools Tcp Port Scanner
43. Hacking Tools
44. New Hack Tools
45. Hacker Techniques Tools And Incident Handling
46. Pentest Tools Apk
47. Hacker Tools Mac
48. Hack Tools
49. Computer Hacker
50. Hacker Tools Mac
51. Hacker Tools For Pc
52. Pentest Tools Nmap
53. Hacking Tools Mac
54. Pentest Tools Port Scanner
55. Hacking Apps
56. Hacking Tools For Kali Linux
57. Tools Used For Hacking
58. Pentest Tools Open Source
59. Pentest Tools List
60. Hacking Tools For Kali Linux
61. Best Hacking Tools 2020
62. Hacking Tools For Games
63. Hacker Tools For Mac
64. Hack Tools Online
65. New Hack Tools
66. Pentest Tools Kali Linux
67. Hacking Tools Free Download
68. Hack Tools Pc
69. Pentest Automation Tools
70. Hacking Tools Online
71. Hacking Tools 2019
72. Hack Tools For Games
73. Pentest Tools Review
74. Hacking Tools For Windows Free Download
75. Pentest Reporting Tools
76. Hack Rom Tools
77. Hacker Tools Online
78. Hack Tool Apk
79. Nsa Hack Tools Download
80. Pentest Tools Port Scanner
81. Hacker Tool Kit
82. Hacking Tools Download
83. Top Pentest Tools
84. Hacks And Tools
85. Hack Rom Tools
86. Hacking Tools Windows 10
87. Hacking Tools Hardware
88. Pentest Automation Tools
89. Hacking Tools Software
90. Top Pentest Tools
91. Hack Tools Download
92. Best Pentesting Tools 2018
93. Hacker Tools 2019
94. Underground Hacker Sites
95. New Hacker Tools
96. Hack Tools Pc
97. Hack Tools Download
98. Pentest Tools Nmap
99. Nsa Hacker Tools
100. Hacking Tools For Beginners
101. Hacks And Tools
102. Hack Rom Tools
103. Nsa Hack Tools Download
104. Hacking Tools For Mac
105. New Hack Tools
106. Hacker Security Tools
107. Pentest Tools
108. Pentest Tools
109. Pentest Automation Tools
110. Hacker Tool Kit
111. Hacking Tools For Kali Linux
112. Hacking Tools For Beginners
113. Wifi Hacker Tools For Windows
114. Hackrf Tools
115. Hack And Tools
116. Pentest Tools Subdomain
117. Tools For Hacker
118. Hacker Tools Apk
119. Hacker Tools Windows
120. Hack Tools For Windows
121. Hacker Tools Github
122. Hack Tools 2019
123. Hack Tools Github
124. Hack Tool Apk No Root
125. Hacker Techniques Tools And Incident Handling
126. Hacker Tools Free
127. Pentest Tools For Windows
128. Termux Hacking Tools 2019
129. Pentest Tools Subdomain
130. Computer Hacker
131. Hack Tools For Ubuntu
132. How To Make Hacking Tools
133. Hackers Toolbox
134. Hack Tools Mac
135. Tools For Hacker
136. Pentest Tools Subdomain
137. Tools Used For Hacking
138. Hacker Tools Online
139. New Hacker Tools
140. Top Pentest Tools
141. Hack Tools Online
142. Pentest Box Tools Download
143. Hack Tools Mac
144. Hack Rom Tools
145. Hack Website Online Tool
146. Hacking Tools For Windows 7
147. Pentest Tools Bluekeep
148. Hak5 Tools
149. Hacking Tools Hardware
150. Top Pentest Tools
151. Github Hacking Tools
152. New Hack Tools
153. What Are Hacking Tools