I concatenated both Gandi's intermediate certificate (https://www.gandi.net/static/CAs/GandiStandardSSLCA2.pem) and my website certificate (mywebsite.crt) and all the browsers complained that my website wasn't safe.
I was wondering what was going on with my certificate and I found out when I read this. As my server is Nginx rather than Apache, I had to do a slightly different thing.
I downloaded the Root CA certificate and converted it to pem (I mostly copied an pasted from your blog post):
wget -q -O - http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | openssl x509 -inform der -outform pem > FinalRootCA.pem
Then, I concatenated the certificates:
cat mywebsite.crt GandiStandardSSLCA2.pem FinalRootCA.pem > TheUltimateCertificate.crt
I checked if -----BEGIN CERTIFICATE----- is always at the beginning of the line and in the same line as -----END CERTIFICATE-----. It wasn't so I had to fix it easily: just changing:
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
to -----END CERTIFICATE-----
And I saved the fixed version of file TheUltimateCertificate.crt, which is the one I use and it works fine because the browsers say my website is safe:
listen 443 ssl;
index index.php index.html;
Thank you for making me see the light.