We are having issues with providing proxy services to IIS when IIS is using a SAN certificate. Using Openssl to troubleshoot the issue via "openssl s_client -connect URL:443" we are getting a specific error message of "verify return code: 20 (unable to get local issuer certificate.) We have verified, via multiple ways, that the IIS certificate, intermediate and root certificate are all included in our ca-bundle in the correct format.
As a test, we have setup a SAN certificate on an IHS server and are able to process. What we seem to see in IIS is, it can read the certificate and identify the intermediate and root. But, it is not processing the intermediate and stops at that point.
Thanks,