The client needs to have (And trust) a certificate in the path... For example the client needs (At minimum) the root cert installed and trusted to sign certs. The server then needs present ALL the certs in the chain between what the client trusts and the end-cert that authenticates the site.
e.g. If you have root->chain1->chain2->site (4 certs) and the client trusts root (only) then the SSL profile needs to precent chain1, chain2 and the site cert.
if the client has root, chain1, chain2 then the SSL profile needs to present only the site cert.
The client MUST have AT LEAST one of the certs in the chain (root -> site) installed and trusted.
H