A customer has given us 3 certificates, which were installed on a Windows server in the order and:
1. Issued by Verisign, for Symantec (certificate only, installed as intermediate)
2. Issued by Symantec, for CompanyX (certificate only, installed as intermediate)
3. Issued by CompanyX, for CompanyX (certificate and key, installed as Personal)
In MMC, when I inspect #2, I can see the chain as:
Verisign (root) -> Verisign (intermediate) -> Symantec (intermediate)
When inspecting #3 (the self-signed certificate), there is no chain. There's only CompanyX.
It seems like Windows is failing to establish the chain between the last intermediate and the self-signed certificate, so when clients connect to the web server, they see a self-signed or untrusted certificate warning, presumably because the server is not publishing the intermediate certificates.
I've already verified that common names match exactly, and repeated the installation procedures a few times. Did I do something wrong installing the certificates? Am I missing something?
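
An added diagnostic example, not part of the original post: it prints the Issuer, Subject and key identifiers of the server certificate and the installed intermediates, then asks Windows to build the chain and reports why it stops. It assumes the certificates are in the LocalMachine stores and that the server certificate can be found with the placeholder subject filter `CompanyX`.

```powershell
# Added diagnostic example. Assumptions: LocalMachine stores, and the server
# certificate is located with the placeholder subject filter 'CompanyX'.
$leaf = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*CompanyX*' } |
    Select-Object -First 1
if (-not $leaf) { throw 'No matching certificate in Cert:\LocalMachine\My' }

# Issuer equal to Subject means the certificate is self-issued: it is its own
# chain root, so chain building never looks for an intermediate above it.
'Subject     : {0}' -f $leaf.Subject
'Issuer      : {0}' -f $leaf.Issuer
'Self-issued : {0}' -f ($leaf.Subject -eq $leaf.Issuer)
'Private key : {0}' -f $leaf.HasPrivateKey

# Subject Key Identifier (2.5.29.14) and Authority Key Identifier (2.5.29.35):
# a child's AKI should equal its issuer's SKI for the two to be linked.
function Get-KeyId($cert, $oid) {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
    if ($ext) { $ext.Format($false) } else { '(absent)' }
}
foreach ($c in @($leaf) + @(Get-ChildItem Cert:\LocalMachine\CA)) {
    ''
    'Subject : {0}' -f $c.Subject
    'Issuer  : {0}' -f $c.Issuer
    'SKI     : {0}' -f (Get-KeyId $c '2.5.29.14')
    'AKI     : {0}' -f (Get-KeyId $c '2.5.29.35')
}

# Build the chain the way Windows does. Revocation checking is skipped so the
# result reflects chain construction only, not CRL/OCSP reachability.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$ok = $chain.Build($leaf)

''
'Chain builds to a trusted root: {0}' -f $ok
foreach ($e in $chain.ChainElements) {
    '  {0}  (issued by: {1})' -f $e.Certificate.Subject, $e.Certificate.Issuer
}
foreach ($s in $chain.ChainStatus) {
    '  Status: {0} - {1}' -f $s.Status, $s.StatusInformation.Trim()
}
```

A single chain element with an `UntrustedRoot` status means Windows treats the server certificate itself as the root of its chain.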