Strange certificate behaviour

[Rick25]

We're moving to a new certificate and this one is a 4 cert chain including the server certificate.

In windows and in IIS I see the full chain of 4. But when I connect to the webpage it's only showing the server cert and the two intermediates. No errors however.

When I look at the Chrome cert store, I see entries for both cert 3 and 4 (the one that doesn't show). Is the website just moving up the chain until it finds a certificate it will trust?

 

[Mental Gear Reduction]

The fourth cert is probably already trusted, either by the browser directly (if it's a public cert), or by the OS (if it's your own master cert.) It's probably only showing the certs it didn't already know.

 

[Rick25]

It's a public cert, both 3 and 4 are in the Chrome store so that lines up with what I was thinking and it's just moving up until it finds a root it trusts.

 

[Mental Gear Reduction]

The website tester at www.ssllabs.com will show you the full certificate chain presented by your site, and will indicate which are already in browser trust stores.

Don't trust a good rating there, that site hasn't been updated in years.