I have had a difficult time googling this but I'm sure this has come up before, and perhaps I'm not phrasing the question correctly. The work network has a highly strict firewall where unless the DNS name and port are explicitly whitelisted. I have an application on this network that needs to access a REST API endpoint at https://graph.microsoft.com. It runs on a Windows 2019 server. My issue is that although the DNS name and port (443) have been whitelisted, the client cannot validate the certificate because the certificate authorities are simply not accessible. If you open a browser on the server and go to the API endpoint, you get a connection reset error and the padlock icon indicates the site cannot be verified.
I tried (from another computer that has internet access) to download the certificate chain PEM file by clicking on the padlock icon, getting the certificate, then importing it into the Windows Certificate store. That didn't work. So I'm missing something crucial.
Could someone tell me a) if what I did above should have worked when only the REST endpoint address and port 443 are exposed on the firewall, b) if I absolutely need to expose the intermediate and root certificate authorities in the firewall (another service request), or c) if there is a whole other way to do this?