Windows likes to have the CA that signed your certificates in the root store. Some times the individual certificate for the site can be put in the root store and sometimes not. But if you put the CA's (the issuer) certificate in the root store then any certificate that it has signed(issued) will be accepted without error.
I've never acquired a commercial cert for my Zimbra install but I'm sure that wherever you acquired your commercial cert should also provide you with a CA cert to install.
If Windows does not find the issuers cert in its root store it considers the chain broken. |