From e63d3e16a125c7c22adb00bd7cd11ce9054b8ea2 Mon Sep 17 00:00:00 2001
From: "Ernest W. Durbin III"
Date: Fri, 23 Feb 2018 18:00:07 -0500
Subject: [PATCH] Serve certificate chain when fetching certificate from PKI (#246)

---
 vault/pki.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/vault/pki.go b/vault/pki.go
index 3625537f..0c0c0389 100644
--- a/vault/pki.go
+++ b/vault/pki.go
@@ -26,18 +26,23 @@ func FetchCertificate(path string, body map[string]interface{}) (*tls.Certificat
 if !ok {
 return nil, errors.New("Certificate not found in response")
 }
+ issuingCACertRaw, ok := resp.Data["issuing_ca"]
+ if !ok {
+ return nil, errors.New("Issuing CA Certificate not found in response")
+ }
 keyRaw, ok := resp.Data["private_key"]
 if !ok {
 return nil, errors.New("Private key not found in response")
 }
 cert, ok := certRaw.(string)
+ issuing_ca_cert, ok := issuingCACertRaw.(string)
 key, ok := keyRaw.(string)
- if cert == "" || key == "" {
- return nil, errors.New("Cert and key could not be asserted to string")
+ if cert == "" || key == "" || issuing_ca_cert == "" {
+ return nil, errors.New("Cert, Issuing CA Cert, and Key could not be asserted to string")
 }
- pair, err := tls.X509KeyPair([]byte(cert), []byte(key))
+ pair, err := tls.X509KeyPair([]byte(cert + "\n" + issuing_ca_cert), []byte(key))
 if err != nil {
 return nil, err
 }