Difference between chain.pem and fullchain.pem?

Which one should be used? chain.pem or fullchain.pem?

fullchain.pem = cert.pem + chain.pem

You typically use chain.pem (or the first certificate in it) when you're asked for a CA bundle or CA certificate.

You typically use fullchain.pem when you're asked for the entire certificate chain in a single file. For example, this is the case for modern versions of Apache and nginx.

7 Likes

Also adding to @griffin reply the fullchain.pem DOES NOT include a CA's Root Certificates.

6 Likes

No cert should ever include the signing root certificate.
Any program that requires one, was poorly written.

11 Likes

Hear hear.

6 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.