Hi, I have an issue whereby any certificates that I issue report "You have not chosen to trust the issuer of the server's security certificate". The certificate chain is shown as OK, and if I validate the certificate using certutil -v -verify -urlfetch certificate.cer there are no errors. I have tried the issued certificates on a normal IIS web site and there are no errors. The errors only occur when they are used with applications, such as Citrix SSL Relay.
I have tried an external certificate as a test and the Citrix application works fine. I have also created a standalone CA, just as a test, and issued certificates, both SHA1 and SHA256, and these work fine. It only seems to be certificates that I issue from my issuing CA, which has an offline Policy CA as its parent. The offline Policy CA has an offline Root CA as its parent.
I have never had this issue before and we have installed Citrix SSL Relay on other projects. The only difference seems to be that we have a three-tier hierarchy and we are using SafeNet HSMs to store the private key material for all of the CAs.
Is this an issue with installing certificates in the chain into the client's web browser? I have checked the client's certificate store and the Root CA certificate is in the Trusted Root store and the Issuing and Policy certificates are in the Intermediate store.
Any help in troubleshooting this issue or a resolution would be greatly appreciated.
Here is a screenshot of my error: