<div dir="ltr"><div>So we recently upgraded our SSL certificate to SHA256 to meet Google's new security policies, </div><div>and now we're getting very isolated incidents where browsers do not trust the new certificate because</div><div>the don't trust the CA that issued them. It first started from on a couple of our internal workstations</div><div>but we now have a customer with the same issue. From what I can see, it looks like the browser is</div><div>not seeing the first certificate in the chain, which is the Verisign root certificate, and then it doesn't</div><div>trust the rest of the chain. </div><div><br></div><div>Here's what our correct chain looks like: </div><div><img src="cid:ii_14de930a338ff48d" alt="Inline image 1" width="406" height="138"><br></div><div><br></div><div>And here's what I see on the clients with the error:</div><div><img src="cid:ii_14de93134f3a0391" alt="Inline image 2" width="381" height="157"><br></div><div><br></div><div>Could it be an issue on the Apache end, or maybe an obscure issue with Internet explorer? </div><div>It's odd that I don't even see the first certificate in the chain marked as invalid, I just don't see</div><div>a certificate at all.</div><div><br></div><div>If anyone cares to give it try for themselves, <a href="https://www.mb.bluecross.ca">https://www.mb.bluecross.ca</a> let me know if you get</div><div>an error. </div><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div>--</div>Wyatt Zacharias<div><br></div></div></div></div>
</div>