Nginx expects all server section certificates in a file that you refer with ssl_certificate. Just put all vendor's intermediate certificates and your domain's certificate in a file. It'll look like this.

-----BEGIN CERTIFICATE-----MII...-----END CERTIFICATE----------BEGIN CERTIFICATE-----MII...-----END CERTIFICATE----------BEGIN CERTIFICATE-----MII...-----END CERTIFICATE-----

To make sure everything is okay and to avoid downtime, I would suggest you to setup Nginx locally, add 127.0.0.1 yourdomain.com to /etc/hosts, and try open it from major browsers. When you've verified that everything is correct your can replicate it to the production server.

When you're done, it is a good idea to use some SSL checker tool to verify (e.g. this one). Because pre-installed CA certificates may vary depending on browser and platform, you can easily overlook a misconfiguration checking from one OS or a limited set of browsers.

Edit

As @Martin pointed out, the order of certificates in the file is important.RFC 4346 for TLS 1.1 states:

This is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it.

Thus the order is:

• 1. Your domain's certificate
• 2. Vendor's intermediate certificate that certifies (1)
• 3. Vendor's intermediate certificate that certifies (2)
• ...
• n. Vendor's root certificate that certifies (n-1). Optional, because it should be contained in client's CA store.