Well, imho there's no difference between .crt or .pem files. Pem can contain multiple certificates though (according to
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1426)
I actually don't know how to change /usr/share/zentyal/stubs/core/haproxy.cfg.mas correctly (I want one cert for everything as well), and - I cannot figure out how to put all crt files in the correct order into the pem, as they have different names than in the commodo howto (COMODORSAAddTrustCA.crt, COMODORSADomainValidationSecureServerCA.crt, AddTrustExternalCARoot.crt, my_domain.crt, and my private key is in /var/lib/zentyal/CA/private, I think).
Anyway - wouldn't it be possible to overwrite files in /var/lib/zentyal/CA with the trusted cert files?
I really cannot understand why importing certs isn't part of zentyal, or why this procedure is that complicated! It looks to me, as if we just have to point to a bunch of files, and that's it! But this may be another thread...
Please help me out! I'm really lost with this stuff