When checking your certificate on a site like the one from digicert. I’m often confronted with the following error:
This means that your certificate doesn’t contain the full certification path (and that some parts can’t even be found in the default trusted authority store). To fix this error on a linux PC, navigate to your directory where you saved your .crt file and make sure you also have the other .crt files, that make up the chain, present there.
Next we are going to make one file with all the necessary information in it.
cat certificate.crt > certificate.chained.crt cat chain01.crt >> certificate.chained.crt cat chain02.crt >> certificate.chained.crt
The “>>” appends the output to the file on the right. Repeat the last command as often as you need. You should end up with a .crt file with the complete tree. Use this certificate in your configuration.
For instance on nginx:
ssl_certificate /etc/ssl/certificate.chained.crt; service nginx reload
Run the test again and this should be the result