Azure托管的网站证书链（comodo）间歇性地不发送完整的证书链_Azure_Iis_Openssl_Ssl Certificate_Certificate Authority

Azure托管的网站证书链（comodo）间歇性地不发送完整的证书链

azure iis openssl

Azure托管的网站证书链（comodo）间歇性地不发送完整的证书链,azure,iis,openssl,ssl-certificate,certificate-authority,Azure,Iis,Openssl,Ssl Certificate,Certificate Authority,我们在azure中托管一个网站。我们托管的服务有6个实例。在该服务上，我们添加了一个覆盖该站点的证书，并具有如下身份验证链： our certificate Comodo RDAOrganisation Validation Secure Server CA (2014 - 2029) Comodo RSA certification Authority (2000 - 2020) USERTrust (2000 - 2020) 我们可以在浏览器中看到，对于我们发出的任

我们在azure中托管一个网站。我们托管的服务有6个实例。在该服务上，我们添加了一个覆盖该站点的证书，并具有如下身份验证链：

our certificate
  Comodo RDAOrganisation Validation Secure Server CA (2014 - 2029)
    Comodo RSA certification Authority (2000 - 2020)
      USERTrust (2000 - 2020)

我们可以在浏览器中看到，对于我们发出的任何请求，该链似乎都正确存在，SSL握手可以完成

我们有一位客户报告说，他们在远程连接到我们时遇到了一些问题。他们一直在使用openssl来验证这一点的来源

我的知识在解释这一输出时出现了问题，我想知道您是否可以帮助我们发现差异，或者为我们或我们的客户确定下一步

运行的命令为

$ openssl s_client -CApath /etc/ssl/certs/ -connect <our service uri>

我的问题是，是什么导致了这种情况发生，这是服务器问题还是用户问题？特别是要记住，对于大多数用户的大多数请求，这似乎很好，我们是否需要采取任何后续步骤来确定问题

感谢您的时间：

事实证明，这与我们的服务定义和服务配置文件有关。在它们中，我们包含了我们想要呈现的证书，但没有包含它的身份验证链

MS支持人员建议我们尝试手动配置服务器实例

/J R

CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Organization Validation Secure Server CA verify return:1
depth=0 C = DK, <certificate information pertianing to our company >
---
Certificate chain
 0 s:/C=DK/<certificate information pertianing to our company >
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
Key is the same between both requests
-----END CERTIFICATE-----
subject=/C=DK/<certificate information pertianing to our company >
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 5052 bytes and written 509 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: <session id hidden>
    Session-ID-ctx:
    Master-Key: <key hidden>
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1436543517
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

CONNECTED(00000003)
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Organization Validation Secure Server CA verify error:num=20:unable to get local issuer certificate verify return:0
---
Certificate chain
 0 s:/C=DK/<certificate information pertianing to our company >
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
Key is the same between both requests
-----END CERTIFICATE-----
subject=/C=DK/<certificate information pertianing to our company >
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Organization Validation Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3649 bytes and written 509 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: <session id hidden>
    Session-ID-ctx:
    Master-Key: <key hidden>
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1436543605
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root