curl only checks the first certificate and not the complete chain.
Yes that’s the real problem.
I had a look at the openssl inside the site directory. It looks like there is a problem/miss-configuration with openssl.
If you do a “openssl version -a” you will get a strange “OPENSSLDIR”.
That’s the reason why it cannot find any certificates inside your site.
Quick solution for this problem
export SSL_CERT_FILE=/omd/sites/<sitename>/var/ssl/ca-certificates.crt
openssl s_client -connect www.myserver.com:443
also
~/lib/nagios/plugins/check_form_submit --port 443 --uri /login www.myserver.com
should not show any problems now.
I would put this export inside the “.profile” of the site.
This is again something for @robin.gierse as it is a bug inside the OMD distribution and would explain some strange certificate problems inside a CMK site.