Symptom
When the X.509 certificate issued by the CA includes an intermediate certificate, SSO fails after following the steps in Configure SSO with X.509 Authentication for SAP HANA XS Applications | SAP Help Portal.
After enabling debug traces for Authentication and Crypto, the following errors can be found in the debug traces.
- Enable tracing:
alter system alter configuration ('<service>.ini','SYSTEM') SET ('trace','crypto')='debug',('trace','authentication')='debug',('trace','commoncrypto')='debug' with reconfigure;
- Reproduce the SSO issue.
- Disable tracing:
alter system alter configuration ('<service>.ini','SYSTEM') unset ('trace','crypto'),('trace','authentication'),('trace','commoncrypto') with reconfigure;
- Symptom 1:
# --- Messages -----------
ERROR: The chain of certificates is incomplete or untrusted, missing certificate of [<serial number>] CN=<X 509 user name>
.......
[00000]{0000}[0/-1] YYYY-MM-DD HH:MM:SS.sssss i Authentication MethodX509Internal.cpp(00195) : unsuccessful login attempt via X509Internal! (could not validate certificate)
- Symptom 2:
[00000]{00000}[0/-1] YYYY-MM-DD HH:MM:SS.sssss d Authentication MethodX509Internal.cpp(00211) : subject=CN=<X 509 username>, issuer=<Entity of the End-Entity Certificate>
[00000]{00000}[0/-1] YYYY-MM-DD HH:MM:SS.sssss d Authentication MethodX509Internal.cpp(00217) : getX509UserMapping with Utf8 NOT successful retrying with Latin1
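An added example, not part of the SAP article: a small Python triage script that scans a trace for the two symptoms above and pulls out the certificate details logged with each failed login. The sample trace is constructed, the line layout is assumed from the excerpts on this page, and the names `triage` and `SAMPLE_TRACE` are hypothetical.

```python
import re

# Trace line layout assumed from the excerpts on this page:
# [thread]{connection}[tx] date time level component source(line) : message
TRACE_RE = re.compile(
    r"^\[(?P<thread>\d+)\]\{-?\d+\}\[[^\]]*\]\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+\w\s+"
    r"(?P<component>\S+)\s+\S+\(\d+\)\s+:\s+(?P<msg>.*)$")
CHAIN_RE = re.compile(r"chain of certificates is incomplete or untrusted, "
                      r"missing certificate of \[(?P<serial>[^\]]*)\]\s*(?P<name>.*)")
SUBJECT_RE = re.compile(r"^subject=(?P<subject>.*?), issuer=(?P<issuer>.*)$")

# Constructed sample trace (not real system output).
SAMPLE_TRACE = """\
# --- Messages -----------
ERROR: The chain of certificates is incomplete or untrusted, missing certificate of [0A1B2C] CN=JDOE
[12345]{200001}[0/-1] 2024-01-15 10:00:01.123456 i Authentication MethodX509Internal.cpp(00195) : unsuccessful login attempt via X509Internal! (could not validate certificate)
[12346]{200002}[0/-1] 2024-01-15 10:05:07.654321 d Authentication MethodX509Internal.cpp(00211) : subject=CN=JDOE, issuer=CN=Example Issuing CA, O=Example
[12346]{200002}[0/-1] 2024-01-15 10:05:07.654399 d Authentication MethodX509Internal.cpp(00217) : getX509UserMapping with Utf8 NOT successful retrying with Latin1
"""

def triage(trace_text):
    """Return one finding per failed X.509 login, labelled as on this page."""
    findings, chain_err, last_subject = [], None, {}
    for raw in trace_text.splitlines():
        line = raw.strip()
        m = CHAIN_RE.search(line)
        if m:  # message block line, carries no trace prefix
            chain_err = m.groupdict()
            continue
        t = TRACE_RE.match(line)
        if not t or t["component"] != "Authentication":
            continue
        s = SUBJECT_RE.match(t["msg"])
        if s:  # remember the certificate seen on this thread
            last_subject[t["thread"]] = s.groupdict()
        elif "could not validate certificate" in t["msg"]:
            findings.append({"symptom": 1, "ts": t["ts"], **(chain_err or {})})
            chain_err = None
        elif "getX509UserMapping with Utf8 NOT successful" in t["msg"]:
            findings.append({"symptom": 2, "ts": t["ts"],
                             **last_subject.pop(t["thread"], {})})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRACE):
        print(finding)
```
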
Environment
- SAP HANA Platform Edition 1.0
- SAP HANA Platform Edition 2.0
Product
Keywords
unsuccessful login attempt via X509Internal, could not validate certificate, getX509UserMapping, with Utf8 NOT successful retrying with Latin1, KBA, HAN-DB-SEC, SAP HANA Security & User Management, HAN-STD-ADM-SEC, SAP HANA Security & User Management (Studio), How To
About this page
This is a preview of a SAP Knowledge Base Article.
SAP Knowledge Base Article - Preview