Intermediate certificate not being loaded

Hi, we have Gitlab CE 8.12 loaded with a certificate from digicert.com. Digicert requires a chain or intermediate certificate.

The DigiCertSHA2HighAssuranceServerCA.crt.pem file which is provided by Digicert is loaded into the /etc/gitlab/trusted-certs/ and the system’s host certificate is loaded into /etc/gitlab/ssl/.

Using a browser to go to the site works without an issue, however DigiCert® SSL Installation Diagnostics Tool reports that:

The server is not sending the required intermediate certificate.

gitlab-ctl reconfigure

Recipe: gitlab::add_trusted_certs
  * directory[/etc/gitlab/trusted-certs] action create (up to date)
  * directory[/opt/gitlab/embedded/ssl/certs] action create (up to date)
  * file[/opt/gitlab/embedded/ssl/certs/README] action create (up to date)
  * ruby_block[Move existing certs and link to /opt/gitlab/embedded/ssl/certs] action run

  * Moving existing certificates found in /opt/gitlab/embedded/ssl/certs

  * Symlinking existing certificates found in /etc/gitlab/trusted-certs

 Skipping /etc/gitlab/trusted-certs/DigiCertSHA2HighAssuranceServerCA.crt.pem.

    - execute the ruby block Move existing certs and link to /opt/gitlab/embedded/ssl/certs

This is causing issues with other toolsets trying to integerate with Gitlab and in particular Gitlab CI.

Any ideas?

Ok quick solve there. Someone on the team found the solution.

Instead of putting the DigiCertSHA2HighAssuranceServerCA.crt.pem in the trusted-certs directory you concat them together with your host CRT.

cat /secure/path/hostname.crt DigiCertSHA2HighAssuranceServerCA.crt.pem > /etc/gitlab/ssl/hostname.crt