Unfortunately I had to re-evaluate my SSL config for the SSL-chain on the Kace K3000 virtual appliance.
But what I found was i neat script that created the right key + certificate and intermediate certificate.
Use this for your own convinience.
———-snip——————-
# SHA512 testcase — all 3 layers.
#
LEN=${LEN:-2048}

# create a root.
openssl req -new -x509 -nodes -out ca.crt -keyout ca.key -subj /CN=DaRoot -newkey rsa:$LEN -sha512 || exit 1

# create an intermediate & sign
openssl req -new -nodes -out ca-int.req -keyout ca-int.key -subj /CN=Zintermediate -newkey rsa:$LEN -sha512 || exit 1
openssl x509 -req -in ca-int.req -CAkey ca.key -CA ca.crt -days 20 -set_serial $RANDOM -sha512 -out ca-int.crt || exit 1

# chain
#
cat ca.crt ca-int.crt > ca-all.crt

for who in 192.168.1.45
do
# create a request
openssl req -new -out $who.req -keyout $who.key -nodes -newkey rsa:$LEN -subj /CN=$who/emailAddress=$mikael_jensen@dell.com || exit 1

# sign the request
openssl x509 -req -in $who.req -CAkey ca-int.key -CA ca-int.crt -days 10 -set_serial $RANDOM -sha512 -out $who.crt || exit 1

# create some convenience formats
#
openssl x509 -in $who.crt -out $who.der -outform DER || exit 1
openssl pkcs12 -export -out $who.p12 -in $who.crt -inkey $who.key -chain -CAfile ca-all.crt -password pass:$PASS || exit 1
done

——————-snip done——————-

Use this as a script on a *nix machine with openssl package installed. I did it on a Fedora 20 laptop.