For anyone having issues with the correct certificate chain order in Apache, this may help.
After renewing a certificate on one of my servers, I decided to run it through Qualys SSL Server Test to make sure the server was handing out encryption correctly to my users. While at first glance everything appeared to be working properly, the tool reported troubles with the trust order of my certificates.
Eventually, I decided to try the test without the intermediate certificates and just include the root one – voila, issue resolved! To keep things simple, I decided to combine the two certificates into one file by extracting the first certificate out of the “ca-bundle” file (our root certificate) and merge it with the site certificate. It should look something like this.
-----BEGIN CERTIFICATE REQUEST----- Your websites SSL certificate -----END CERTIFICATE REQUEST----- -----BEGIN CERTIFICATE REQUEST----- Comodo Root CA Certificate (first certificate in ca-bundle) -----END CERTIFICATE REQUEST-----