You may want to have full certificate chain for KATA Web UI. Here's how to do it.

Step-by-step guide

Preparing the certificate chain for use in nginx_gateway configuration

We start with full certificate chain in familiar form. Please note that certificate chain should contain desired intermediate authorities' public keys. Do not add private key to the chain.

First of all, we transfer it to the Central Node. It's recommended to do all further actions on Central Node, as in different *nix environments further steps may give different result.

To use it for product configuration, we should convert it to format, used by etcd.

Note that certificate is in one line, and that line breaks (CRLF) are replaced by \n symbols. So that's what we should do with our certifciate:

1. add \n to the end of each line:

   sed 's/$/\\n/' < cert.json > cert_n.json

2. Remove line breaks:

   tr -d '\n' < cert_n.json > cert_oneline.json

Now, certificate chain is ready to be used in nginx_gateway configuration. 

Importing the prepared certificate chain to nginx_gateway

The most convenient way is to first export nginx_gateway configuration to JSON format:

Now, find the place where certificate is located and replace it with created certificate chain.

Import the configuration back:

And that's it, now browsers will receive full certificate chain for KATA Web UI.