Root CA certificate missing from chain but only in IE, Chrome is fine

Question

Does anyone have any idea why the root CA certificate is completely absent (not just present but untrusted) from the HTTPS chain but only in Internet Explorer?

The certificate is installed as a trusted root CA, Google Chrome is fine, and both IE and Chrome share the same certificate store.

Wireshark packet captures haven't revealed anything unusual - regardless of whether the HTTPS connection worked properly or not, none of the TLS certificate chains include the root CA certificate so this appears to be normal and suggests that it's up to the web browsers to complete the chain.

I haven't been able to find anything at all online, hence this post.

Do you serve the intermediate certificates (as expected)? Otherwise results will vary depending on the client. — Håkan Lindqvist, May 17 '21 at 16:13
What does https://www.ssllabs.com/ssltest/ , https://testssl.sh/ or similar say? — Håkan Lindqvist, May 18 '21 at 08:00

score 0 · Accepted Answer · answered Sep 12 '21 at 13:30

0

Turns out that this was somehow caused by a partially-corrupted local user profile - recreating it resolved the problem.

answered Sep 12 '21 at 13:30

mythofechelon

905
3
24
42

Root CA certificate missing from chain but only in IE, Chrome is fine

1 Answers1