After having had an EV SSL certificate installed for a couple of months, we got an email from GoDaddy telling us the certificate chain was incorrect. They requested we disable 'GoDaddy Class 2 root certificate' and be sure that we had the correct certificates installed. (Presumably I messed something up when I first configured it.)
However, I had not seen any certificate errors myself in the last couple of months, but at least since making the changes they requested, it seems that the certificate is testing OK now. (Unfortunately I did not find this site until after I made the changes, so I don't know what it would have tested before.)
What I'm wondering therefore is what is the worst that could have happened in the meantime. Did some people not get a green bar? Did people get a warning? Or does it not really matter?
I'm also slightly concerned that other non-EV certificates are affected by disabling all purposes for the Class 2 certificate - is that possible?
The worst that could happen is that users of older browsers will get an error that the certificate isn't trusted. The second worst that could happen is that the "green bar" won't show up for certain browsers.
Changing the Intermediate certificates that are sent (even by disabling a root) shouldn't have any effect on other non-EV certificates. You can usually trust your certificate provider to know how to get their own certificates to be trusted and compatible.
If your chain is incorrect, the most likely scenario is that people who do not otherwise have the full root cert chain for your CA's issuing certificate will receive errors.
EV certificates are fairly new. Even Thawte only introduced their full EV chain to more recent versions of browsers. For example, Firefox 2 and IE7 would throw a verification error unless the root certificates were updated. IE6 and Firefox 2 will not display the green bar even if the certificate verifies without error, as the browser does not have support for displaying a green bar.
There are various workarounds, including adding the full chain on your servers and client-side JavaScript "magic" that the CA will provide, which will update the client certs.
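
A simplified model of the chain building described in the answers above, as an added example that is not part of the original posts. It matches certificates by subject and issuer name only (no signature, expiry or EV policy checks), and all certificate names are constructed.

```python
from typing import NamedTuple, Optional, Sequence


class Cert(NamedTuple):
    subject: str
    issuer: str  # equal to subject for a self-signed root


# Constructed names standing in for a root -> intermediate -> site chain.
ROOT = Cert("Example Root CA", "Example Root CA")
INTERMEDIATE = Cert("Example Issuing CA", "Example Root CA")
LEAF = Cert("www.example.test", "Example Issuing CA")


def build_path(sent: Sequence[Cert], trust_store: Sequence[Cert],
               local_intermediates: Sequence[Cert] = ()) -> Optional[list]:
    """Return subjects from leaf to trust anchor, or None if no path exists.

    sent: certificates the server presents, leaf first.
    trust_store: roots this client trusts.
    local_intermediates: intermediates the client already holds.
    """
    anchors = {c.subject for c in trust_store}
    # Possible issuers: what the server sent plus what the client holds.
    pool = {c.subject: c for c in list(sent[1:]) + list(local_intermediates)}
    path, current = [], sent[0]
    while current is not None and current.subject not in path:
        path.append(current.subject)
        if current.issuer in anchors:
            return path + [current.issuer]
        current = pool.get(current.issuer)
    return None  # missing issuer, or an untrusted self-signed root


def scenarios() -> dict:
    return {
        "leaf only, client has just the root":
            build_path([LEAF], [ROOT]),
        "leaf only, client already holds the intermediate":
            build_path([LEAF], [ROOT], [INTERMEDIATE]),
        "leaf + intermediate sent, client has just the root":
            build_path([LEAF, INTERMEDIATE], [ROOT]),
        "full chain sent, client lacks the root":
            build_path([LEAF, INTERMEDIATE, ROOT], []),
    }


if __name__ == "__main__":
    for name, path in scenarios().items():
        print(f"{name}: {' -> '.join(path) if path else 'UNTRUSTED'}")
```

The second scenario is why a site administrator can see no errors while other visitors do, and the last one shows that sending the root itself does not help a client whose trust store lacks it.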