Heroku SSL: install intermediate cert?

Question

My registrar, gandi, gave me an intermediate cert to install, so I have 3 files:

1. Private key file (server.key)
2. Certificate file (mycert.crt)
3. Intermediate cert (GandiSomething.pem)

I'm using the SSL Beta service on heroku. The heroku CLI heroku _certs:add, takes exactly two arguments, CRT and KEY. how do I install the intermediate cert?

Answer 1

Paul is right, you can combine certificates:

cat ssl.crt middle.crt root.crt > all.crt

Be assured that newlines at the end of cert files!

And upload it to Heroku (use add if you haven't SSL Endpoint yet):

heroku certs:update --app $YOUR_APP --confirm $YOUR_APP all.crt private.key

But there are some tricks you haven't forget:

1. Update your DNS CNAME record. Change target from <app>.herokuapp.com to secure <domain>.herokudns.com (be careful, if you have *.your.domain record it can catch requests and forward it to another server)
2. Check the cert chain works right: SSL Checker
3. Flush local DNS: Flush DNS tips (antivirus also can patch and cache you connections)
4. Restart your browser (to flush browser's cache too)
5. Check your app with browser by https:// connection

Answer 2

The solution here is to combine the intermediate cert and the generated cert into one file, as described here. Because that link is shady, here's how the cert file should look once combined:

-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
-----END CERTIFICATE-----

Then, this command will work:

heroku _certs:add --app name-of-my-app file-with-combined-certs.crt myserver.key