From 004b2cf5782d3b0ff6a5a3e35955cc31585b5571 Mon Sep 17 00:00:00 2001
From: Greg <2653109+glinton@users.noreply.github.com>
Date: Wed, 31 Jul 2019 17:59:54 -0600
Subject: [PATCH] Add intermediates when verifying cert in x509 input (#6159)
---
 plugins/inputs/x509_cert/x509_cert.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/plugins/inputs/x509_cert/x509_cert.go b/plugins/inputs/x509_cert/x509_cert.go
index 8558378d1..825fd5eeb 100644
--- a/plugins/inputs/x509_cert/x509_cert.go
+++ b/plugins/inputs/x509_cert/x509_cert.go
@@ -176,9 +176,16 @@ func (c *X509Cert) Gather(acc telegraf.Accumulator) error {
 // The first certificate is the leaf/end-entity certificate which needs DNS
 // name validation against the URL hostname.
- opts := x509.VerifyOptions{}
+ opts := x509.VerifyOptions{
+ Intermediates: x509.NewCertPool(),
+ }
 if i == 0 {
 opts.DNSName = u.Hostname()
+ for j, cert := range certs {
+ if j != 0 {
+ opts.Intermediates.AddCert(cert)
+ }
+ }
 }
 if c.tlsCfg.RootCAs != nil {
 opts.Roots = c.tlsCfg.RootCAs
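Review bot: The intermediates pool is filled only inside `if i == 0`, so every later certificate gets a freshly allocated but empty pool. If the Verify call after this hunk runs for each `i` (it is outside the hunk, so this is inferred), an intermediate that chains through another presented intermediate will fail verification unless its issuer is already in `opts.Roots` or the system store. Filling the pool for every index with the certificates that follow it, `for _, ic := range certs[i+1:] { opts.Intermediates.AddCert(ic) }` placed after the `if i == 0` block, covers the leaf and the deeper links, and it avoids reusing the name `cert`, which presumably shadows the enclosing loop's variable. A short comment would also help the next reader: `// Intermediates come from the peer and are untrusted; trust is anchored only in opts.Roots (system roots when RootCAs is nil).` Gather's body begins and ends outside the hunk.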