Windows - service account default certificate store

2

I am writing a web app that connects to external web services. The external web services serve an intermediate certificate signed by Thawte SGC CA - G2.

When I set up IIS to run the web app using a service account on a separate corporate domain (let's say, DEV\service_account), the application fails to validate the certificate because it doesn't trust the CA. However, when I use my own account, there is no such problem.

A look into the machine and my account certificate stores shows that Thawte SGC CA - G2 isn't in any of the Personal, Intermediate or Trusted Root CA stores.

How, then, does my account decide that the certificate can be trusted?

Allen Zeng

Posted 2014-05-07T07:02:45.540

Reputation: 121

Answers

0

Turns out that the intermediate certificate Thawte SGC CA - G2 needs to be downloaded off Thawte's site. The reason why the service account couldn't establish the trust is because it's not allowed to download the certificate.

Allen Zeng

Posted 2014-05-07T07:02:45.540

Reputation: 121
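
One way to confirm the diagnosis in the answer above is to build the chain while running as the service account and see where it stops. This is an added example, not code from the poster; `$LeafPath` and `$IntermediatePath` are hypothetical file paths for the exported server certificate and the manually downloaded intermediate.

```powershell
# Added example: run as the identity the IIS application pool uses.
# Both parameters are hypothetical file paths supplied by the operator.
param(
    [Parameter(Mandatory = $true)] [string] $LeafPath,  # server certificate exported as .cer
    [string] $IntermediatePath                          # intermediate CA .cer obtained out of band
)

$leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $LeafPath

# Authority Information Access (OID 1.3.6.1.5.5.7.1.1) lists where the issuer
# certificate can be fetched; this is the URL the account must be able to reach.
$aia = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.5.5.7.1.1' }
if ($aia) { "AIA:`n" + $aia.Format($true) } else { 'Leaf has no AIA extension.' }

# Is the issuer already present locally, so that no download is needed?
$stores = 'Cert:\LocalMachine\CA', 'Cert:\CurrentUser\CA', 'Cert:\LocalMachine\Root'
$local = Get-ChildItem $stores | Where-Object { $_.Subject -eq $leaf.Issuer }
"Issuer found in local stores: $([bool]$local)"

# Build the chain as this account. Revocation is switched off only to separate
# "cannot find the issuer" from "cannot reach the CRL/OCSP responder".
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$built = $chain.Build($leaf)
"Chain built: $built"
foreach ($element in $chain.ChainElements) {
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    '  {0}  [{1}]' -f $element.Certificate.Subject, $(if ($status) { $status } else { 'OK' })
}
$chain.ChainStatus | ForEach-Object { "Overall: $($_.Status) $($_.StatusInformation.Trim())" }

# Remediation: install the intermediate machine-wide (elevated prompt), so the
# service account no longer depends on outbound retrieval.
if (-not $built -and $IntermediatePath) {
    Import-Certificate -FilePath $IntermediatePath -CertStoreLocation Cert:\LocalMachine\CA
}
```

A `PartialChain` status with only the leaf listed means the issuer could not be located by this account; after the import, the same run should list the full chain.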