HOWTO: Assemble an entire Comodo certificate chain

A+ SSLLabs Rating Requires A Complete Certificate Trust Chain


To get the coveted A+ rating from SSL Labs, among other things, you’ll need to have a certificate installed that has the entire trust chain contained within it. I purchased a wildcard certificate from Comodo and they included all the necessary certificates in a zip file for me. It’s pretty straightforward once you know the order in which to stitch them together.

Extract all the files from the Comodo provided zip file.

Execute the following command:

cat yourDomainCert.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > yourEntireChainCertBundle.crt

Install this new certificate on your devices along with your private key and you’ll have the entire certificate trust chain contained within your certificate.

Easy as pie.