Drupal Developer, Consultant, Trainer

Getting CA Chain Certificates to work using Aegir 1.3

Getting CA chain certs working with Aegir feels like this sometimes...

Aegir has been shipping with SSL support for quite a while now, but unfortunately chained certificates are not supported by default.

I found a quick and dirty fix a little while ago, but have not been able to find the link again. Follow the steps below to get this working:

  1. I've attached a patch which updates 2 files.
    • provision/http/http.ssl.inc: Checks to see if there is an openssl_chain.crt file for the site being verified
    • provision/http/apache_ssl/vhost_ssl.tpl.php: Adds the necessary information to the site's vhost file if there is a chain cert
  2. Download this patch to ~/.drush/provision
  3. Test the patch works (dry run) with the following command: patch -p0 --dry-run < provision-1.2-chain_crt.patch
  4. If there are no errors with the dry run, apply the patch: patch -p0 < provision-1.2-chain_crt.patch
  5. Put all of your CA chain certificates into a single file called openssl_chain.crt
  6. Move that file to ~/config/ssl.d/sitename.com/openssl_chain.crt
  7. Log into the Aegir web interface, and verify the site in question.

To see if the CA chain certificate is working, I normally use SSL Checker, which runs a few diagnostic tests on the SSL connection.
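
A local check that can be run after step 6, before verifying the site in Aegir. This is an added example, not part of the patch or the original post. It assumes the site certificate is stored as openssl.crt in the same ssl.d directory as openssl_chain.crt; the function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight checks for a site's openssl_chain.crt.
# Assumption: the site certificate is openssl.crt in the same directory.

# Number of PEM certificates bundled in a file.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Print subject and issuer of every certificate in a bundle, in file order.
list_chain() {
    openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout
}

# chain_completes SITE_CERT CHAIN_FILE [ROOT_CA]
# Succeeds only if SITE_CERT verifies using the intermediates in CHAIN_FILE.
# Without ROOT_CA the system trust store is used.
chain_completes() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -untrusted "$2" "$1" >/dev/null 2>&1
    fi
}

# check_site DIR [ROOT_CA]: run the checks against one ssl.d directory.
check_site() {
    dir=$1
    [ -s "$dir/openssl_chain.crt" ] || { echo "no chain file in $dir"; return 1; }
    echo "certificates in chain file: $(count_certs "$dir/openssl_chain.crt")"
    list_chain "$dir/openssl_chain.crt"
    if chain_completes "$dir/openssl.crt" "$dir/openssl_chain.crt" "${2:-}"; then
        echo "OK: site certificate verifies through the chain file"
    else
        echo "FAIL: chain file does not link the site certificate to a trusted root"
        return 1
    fi
}

# Usage: sh check_chain.sh ~/config/ssl.d/sitename.com
if [ $# -gt 0 ]; then check_site "$@"; fi
```

A FAIL here usually means an intermediate certificate is missing from openssl_chain.crt; the list_chain output shows which issuers are present.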

UPDATE 15/09/2011: I've also tested this patch with Provision 1.3 and it works fine.