Misconfigured web server behind grigoriefflab.umassmed.edu

The webserver behind grigoriefflab.umassmed.edu used to download CISTEM at https://grigoriefflab.umassmed.edu/sites/default/files/cistem-1.0.0-bet… , is misconfigured.

It does not send the whole certificate chain, instead sending only the certificate for *.umassmed.edu. This works for web browsers, as they cache intermeddiate certificates, but when used with wget or other tools, it fails with:

ERROR: The certificate of ‘grigoriefflab.umassmed.edu’ is not trusted.
ERROR: The certificate of ‘grigoriefflab.umassmed.edu’ doesn't have a known issuer.
 

This prevents anyone from installing CISTEM and other tools distributed from this server using commandline tools.

Output of `openssl s_client -connect grigoriefflab.umassmed.edu:443`:

CONNECTED(00000003)
depth=0 C = US, ST = MA, L = Worcester, OU = Information Technology, O = UMass Medical School, CN = *.umassmed.edu
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = MA, L = Worcester, OU = Information Technology, O = UMass Medical School, CN = *.umassmed.edu
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:C = US, ST = MA, L = Worcester, OU = Information Technology, O = UMass Medical School, CN = *.umassmed.edu
   i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
---
Server certificate
...

Compare with https://nginx.org/en/docs/http/configuring_https_servers.html section SSL certificate chains. As you can see, your certificate is signed by an intermediate certificate which is then not sent by your server. Because the C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018 certificate is not a root certificate, commandline tools and some browsers will refuse to connect.

Please forward this to whoever is responsible for the server.

Thanks in advance

Karel