I provide an application hosting service, and most of my clients require SSL. In most cases I generate the CSR on the server (which I host), I send the CSR to the customer and they get a certificate issued by a CA, and everything works nicely. For testing, I generate a self-signed certificate, and this also works nicely (albeit, with the usual warning from the browser that the certificate is not signed).
But I have new client that doesn't use a CA - they generate the certificate themselves. I have implemented the certificate (eg: uat.mycustomer.com.cer), but when I browse to https://uat.mycustomer.com, I get the normal warning about the certificate being unsigned. When I check the certificate, it is issued by internal.mycustomer.com.
I informed my customer about the problem, so they sent me an additional certificate - the root authority (internal.mycustomer.com.cer). But I have no idea what to do with this.
How do I implement this additional certificate?