On Wed, Oct 8, 2014 at 6:05 PM, dE <de.tec...@gmail.com> wrote: > On 10/08/14 10:19, Igor Cicimov wrote: > > > >> You can find more about openssl tool set here: >> https://www.openssl.org/docs/apps/s_client.html, its perfect for ssl >> troubleshooting. >> >> By the way, did you import the CA_chain.pem in the browsers? > > > I thought browser only needs to have the self signed root CA. If I have > intermediate.pem installed, then of course things go as expected; but this > should be a certificate chain as provided by Apache. >
Apache does provide the certificate chain to the client/browser but the client/browser needs something to compare it against otherwise how is it going to know to trust it or not?