SA does not show the full certificate chain by default. You can customize the SSL configuration to enable this feature.
Below is the procedure to enable Security Analytics to serve up the full certificate chain,
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
vi /etc/pki/tls/certs/server-chain.crt
#
openssl x509 -text -in /etc/pki/tls/certs/rootCA.crt >> /etc/pki/tls/certs/server-chain.crt
openssl x509 -text -in /etc/pki/tls/certs/subCA.crt >> /etc/pki/tls/certs/server-chain.crt
# openssl s_client -connect 10.10.10.10:443
CONNECTED(00000003)
depth=2 /C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE ROOT CA/emailAddress=root@localhost
verify return:1
depth=1 /C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE SUBORDINATE CA/emailAddress=root@localhost
verify return:1
depth=0 /C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE/emailAddress=root@localhost
verify return:1
---
Certificate chain
0 s:/C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE/emailAddress=root@localhost
i:/C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE SUBORDINATE CA/emailAddress=root@localhost
1 s:/C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE ROOT CA/emailAddress=root@localhost
i:/C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE ROOT CA/emailAddress=root@localhost
2 s:/C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE SUBORDINATE CA/emailAddress=root@localhost
i:/C=XX/ST=XX/L=XX/O=EXAMPLE/OU=EXAMPLE/CN=EXAMPLE ROOT CA/emailAddress=root@localhost