diff --git a/roles/yoda_external_user_service/defaults/main.yml b/roles/yoda_external_user_service/defaults/main.yml
index 898b76511..12fa3121b 100644
--- a/roles/yoda_external_user_service/defaults/main.yml
+++ b/roles/yoda_external_user_service/defaults/main.yml
@@ -43,4 +43,6 @@ eus_mail_template: uu
 openssl_private_dir: '/etc/pki/tls/private'
 openssl_certs_dir: '/etc/pki/tls/certs'
 openssl_key_signed: localhost.key
+openssl_crt_signed: localhost.crt
 openssl_crt_signed_and_chain: localhost_and_chain.crt
+openssl_chain: chain.crt
diff --git a/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2 b/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2
index 886b265cb..66de09b25 100644
--- a/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2
+++ b/roles/yoda_external_user_service/templates/yoda-external-user-service-vhost.conf.j2
@@ -75,7 +75,8 @@ Listen {{ eus_api_port }}
 # the certificate is encrypted, then you will be prompted for a
 # pass phrase. Note that a kill -HUP will prompt again. A new
 # certificate can be generated using the genkey(1) command.
- SSLCertificateFile {{ openssl_certs_dir }}/{{ openssl_crt_signed_and_chain }}
+ SSLCertificateFile {{ openssl_certs_dir }}/{{ openssl_crt_signed }}
+ SSLCertificateChainFile {{ openssl_certs_dir }}/{{ openssl_chain }}

 # Server Private Key:
 # If the key is not combined with the certificate, use this
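Review bot: The certificate defaults in this hunk carry no comments, and `openssl_crt_signed_and_chain` stays defined even though the vhost template in this commit no longer reads it. A comment such as `# Leaf certificate only; intermediates live in openssl_chain.` above `openssl_crt_signed` would make the split clear. If no other task or template still uses the combined file (not visible from this diff), drop the variable. Otherwise note who consumes it, so a renewal updates all three files together and the service does not end up presenting a stale or incomplete chain.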
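Review bot: The added `SSLCertificateChainFile` line has no explanation, and the comment block above it still describes only the server certificate. Apache httpd deprecated this directive in 2.4.8, when `SSLCertificateFile` began loading intermediates from the certificate file, so the split is presumably meant for older httpd builds. A comment would record that, for example `# Chain kept separate for httpd < 2.4.8; newer versions read intermediates from SSLCertificateFile.` httpd fails its configuration check when the chain path is missing or empty, and nothing in this diff shows `chain.crt` being installed. Please confirm the certificate tasks create it, including for self-signed deployments. The enclosing vhost block starts and ends outside this hunk.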