Thanks Dan, it worked for me as you described it. With a small deviation on point three:
When I also concatenate the domain.crt into commercial_ca.crt instead of only DigicertCa.crt and Trustedroot.crt I receive an error when verifying it, thus I only incorporated DigicertCa.crt and Trustedroot.crt into commercial_ca.crt.
Other than that, it all worked well.