Comment # 3 on bug 1035644 from Andreas Stieger

According to https://www.digicert.com/digicert-root-certificates.htm
"DigiCert SHA2 High Assurance Server CA" is an intermediate, not a root.

Root:         DigiCert High Assurance EV Root CA
Intermediate: DigiCert SHA2 High Assurance Server CA

The actual root in in the trust list.

For HTTPS, filr.attachmategroup.com presents an incomplete certificate chain:

$ openssl s_client -connect filr.attachmategroup.com:443
> [...]
> Certificate chain
>  0 s:/C=US/ST=WA/L=Seattle/O=Attachmate Corporation/CN=filr.attachmategroup.com
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA

A correctly configured host:

$ openssl s_client -connect ev-root.digicert.com:443  -servername
ev-root.digicert.com

Certificate chain
> [...]
>  0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/
> street=Suite 500/street=2600 West Executive Parkway/postalCode=84043/C=US/ST=Utah/L=Lehi/O=DigiCert, Inc./CN=ev-root.digicert.com
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
>  1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
>  2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA