How to get Apache 2.2 to send a complete certificate chain?

We are using Apache 2.2.25 with mod_ssl in reverse proxy mode using mod_proxy. It has a server certificate, issued by GoDaddy, that we use for testing purposes. The chain has 3 certificates: server cert -> GoDaddy intermediate CA -> GoDaddy Root CA. The CA (Go Daddy Secure Certificate Authority - G2) is not always on the list of trusted CAs.

The SSL connection to the server works well for browsers (at least for some), but not for some other clients. We noticed that our server does not send a full certificate chain using the following command:

openssl s_client -showcerts -connect SERVER_URL:443

Indeed, the command reports an error:

Verify return code: 21 (unable to verify the first certificate)

We use the directive SSLCertificateFile in each VirtualHost:

SSLCertificateFile certificate.crt

The certificate.crt file contains the private key and all certificates in the chain. We tried splitting it into the following:

SSLCertificateFile server.crt
SSLCertificateKeyFile server.key
SSLCertificateChainFile chain.crt

But that didn’t change anything.

Thank you for your help!

EDIT
The plot gets thicker - it looks like some kind of combination of certificate and server.
(testing is performed using the SSL Shopper tool )

  • Go Daddy Certificate (as mentioned above) on Apache 2.2 (RHEL) - not working
  • the same certificate works on IIS7
  • client certificate (from Comodo) on Apache 2.2 RHEL - works
+4
2 answers

You are on the right track.

SSLCertificateFile server.crt      >> Your public certificate
SSLCertificateKeyFile server.key   >> Your private key
SSLCertificateChainFile chain.crt  >> List of intermediate certificates;
                                 in your case, only one - GoDaddy intermediate CA

SSL Labs, , .

+6
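The question's single all-in-one certificate.crt and the answer's three-file layout (SSLCertificateFile / SSLCertificateKeyFile / SSLCertificateChainFile) can be checked offline before touching the server. The script below is an added example, not code from the question or either answer: it builds a throwaway root -> intermediate -> server PKI with openssl (all names such as "Example Root CA" and www.example.test are constructed), splits a combined PEM bundle into the three files Apache 2.2 expects, drops the self-signed root from the chain file (clients must already trust the root; only intermediates belong in SSLCertificateChainFile), and then verifies the leaf both with and without the intermediate, which reproduces the difference between a complete and an incomplete chain that s_client reports.

```shell
#!/bin/sh
# Added example (not from the question or the answers). Requires the openssl
# CLI; all certificate names and file paths below are constructed for the demo.
set -eu

# Build root -> intermediate -> server certificates in DIR, plus the kind of
# combined bundle (key + all certs) the question describes.
make_test_pki() {
    dir=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$dir/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$dir/leaf.ext"
    for name in root inter server; do
        openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
            -out "$dir/$name.key" 2>/dev/null
    done
    # Self-signed root CA
    openssl req -new -key "$dir/root.key" -subj "/CN=Example Root CA" \
        -out "$dir/root.csr" 2>/dev/null
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 3650 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -new -key "$dir/inter.key" -subj "/CN=Example Intermediate CA" \
        -out "$dir/inter.csr" 2>/dev/null
    openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 1825 -extfile "$dir/ca.ext" -out "$dir/inter.pem" 2>/dev/null
    # Server certificate, signed by the intermediate
    openssl req -new -key "$dir/server.key" -subj "/CN=www.example.test" \
        -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/inter.pem" -CAkey "$dir/inter.key" \
        -CAcreateserial -days 365 -extfile "$dir/leaf.ext" -out "$dir/server.pem" 2>/dev/null
    cat "$dir/server.key" "$dir/server.pem" "$dir/inter.pem" "$dir/root.pem" \
        > "$dir/certificate.crt"
}

# Split a combined PEM bundle into server.key / server.crt / chain.crt in OUT.
# Assumes the first CERTIFICATE block is the server (leaf) certificate.
split_bundle() {
    bundle=$1; out=$2
    awk -v out="$out" '
        /-----BEGIN .*PRIVATE KEY-----/ { f = out "/server.key" }
        /-----BEGIN CERTIFICATE-----/   { n++; f = (n == 1) ? out "/server.crt" : out "/chain.crt" }
        f                               { print > f }
        /-----END /                     { f = "" }
    ' "$bundle"
}

# Remove self-signed (root) certificates from a PEM chain file: Apache should
# send only the intermediates; the root lives in the client's trust store.
drop_self_signed() {
    chain=$1
    [ -f "$chain" ] || return 0
    tmp=$(mktemp)
    n=$(grep -c 'BEGIN CERTIFICATE' "$chain")
    i=1
    while [ "$i" -le "$n" ]; do
        cert=$(awk -v k="$i" '/BEGIN CERTIFICATE/ { c++ } c == k' "$chain")
        subj=$(printf '%s\n' "$cert" | openssl x509 -noout -subject)
        iss=$(printf '%s\n' "$cert" | openssl x509 -noout -issuer)
        if [ "${subj#subject=}" != "${iss#issuer=}" ]; then
            printf '%s\n' "$cert" >> "$tmp"
        fi
        i=$((i + 1))
    done
    mv "$tmp" "$chain"
}

# Exit 0 when LEAF verifies against ROOT with CHAIN supplied as untrusted
# intermediates, i.e. what a client sees when the server sends the full chain.
# An empty or missing CHAIN models a server that sends only its own certificate.
chain_verifies() {
    root=$1; chain=$2; leaf=$3
    if [ -s "$chain" ]; then
        openssl verify -CAfile "$root" -untrusted "$chain" "$leaf" >/dev/null 2>&1
    else
        openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1
    fi
}

WORK=$(mktemp -d)
make_test_pki "$WORK"
mkdir "$WORK/apache"
split_bundle "$WORK/certificate.crt" "$WORK/apache"
drop_self_signed "$WORK/apache/chain.crt"

if chain_verifies "$WORK/root.pem" "$WORK/apache/chain.crt" "$WORK/apache/server.crt"; then
    echo "leaf + chain.crt: OK (client can build the path to the root)"
fi
if ! chain_verifies "$WORK/root.pem" /dev/null "$WORK/apache/server.crt"; then
    echo "leaf alone: verification fails (the incomplete-chain case from the question)"
fi
# Files in $WORK/apache map onto the answer's directives:
#   SSLCertificateFile      .../server.crt   (leaf only)
#   SSLCertificateKeyFile   .../server.key
#   SSLCertificateChainFile .../chain.crt    (intermediates only, no root)
```

After splitting a real bundle this way, point the three directives at the resulting files, restart Apache, and re-run `openssl s_client -showcerts` against the server: the intermediate should now appear as certificate 1 in the output and the verify return code should no longer be 21.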

SSLCACertificatePath .crt . , . c_rehash, openssl. ,

sudo c_rehash /etc/apache2/ssl/certs

, . openssl 1.0, openssl 1.0 c_rehash. .

, openssl (, , apache) , . SSL Ubuntu Lucid Precise, openssl 0.9.8 1.0.1. , , , .

, , . openssl, wget, curl openssl s_client.

+2

Source: https://habr.com/ru/post/1588950/
