During the SSL certificate exchange the web server (in this case Apache) can provide the client with additional certificates to enable it to establish a chain of trust. Use the SSLCertificateChainFile directive in your site config, something like:
SSLCertificateChainFile /etc/apache2/ssl/ExternalCARoot1.crt SSLCertificateChainFile /etc/apache2/ssl/CACompanySecureServerCA.crt
According to the apache help, you can cat these two together and just specify one file. Say the browser trusts RootCA1, it can check that RootCA1 signed ExternalCARoot1.crt, which signed CACompanySecureServerCA.crt, which signed my certificate. Without those intermediate certificates, the browser cannot establish trust.