Consul UI TLS trust root CA from client browser

Currently have a TLS setup with the recommended local, private CA. And using Vault to manage a Intermediate CA signed by this root CA. Consul is then issued a certificate and key from the Vault intermediate CA.
However when accessing the UI on the browser, the certificate is untrusted, even with the root CA trusted.
I think this is to do with consul not sending the intermediate CA during the SSL handshake?