So we recently upgraded our SSL certificate to SHA256 to meet Google's new security policies,
and now we're getting very isolated incidents where browsers do not trust the new certificate because
the don't trust the CA that issued them. It first started from on a couple of our internal workstations
but we now have a customer with the same issue. From what I can see, it looks like the browser is
not seeing the first certificate in the chain, which is the Verisign root certificate, and then it doesn't
trust the rest of the chain.
Here's what our correct chain looks like:
And here's what I see on the clients with the error:
Could it be an issue on the Apache end, or maybe an obscure issue with Internet explorer?
It's odd that I don't even see the first certificate in the chain marked as invalid, I just don't see
a certificate at all.
an error.