Details
- Type: Bug
- Status: Unscreened
- Priority: Low
- Resolution: Unresolved
- Affects Version/s: 12.0-RELEASE
- Fix Version/s: SCALE-21.MM (Angelfish)
- Component/s: Certificates
- Labels:
Description
I was trying to create an offline root CA and then create intermediate CAs to assign to certain appliances (I have started with a TrueNAS 12 and a pfSense).
My steps have been following https://jamielinux.com/docs/openssl-certificate-authority/
Once I had a root certificate and two intermediate certificates, I imported the root certificate to TrueNAS (without the private key) and then imported the intermediate CA, putting the chain in the certificate field and adding the private key in its field.
However, something is wrong: Firefox recognizes the individual certificates but fails to detect them as a valid chain, and `openssl s_client` gives the following:

    ➜ intermediate openssl s_client -showcerts -debug -connect freenas.betarho.lan:443 > /tmp/cacert.pem
    depth=0 CN = FreeNAS Domain, C = ES, ST = Barcelona, L = Barcelona, O = BetaRho, emailAddress = freenas@betarho.net
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = FreeNAS Domain, C = ES, ST = Barcelona, L = Barcelona, O = BetaRho, emailAddress = freenas@betarho.net
    verify error:num=21:unable to verify the first certificate
    verify return:1
For comparison, following the same steps in the pfSense (also BSD-based) gives the following:
    ➜ intermediate openssl s_client -showcerts -connect pfsense.betarho.lan:443 > /tmp/cacert.pem
    depth=2 C = ES, ST = Barcelona, L = Barcelona, O = BetaRho, CN = Arkenstone CA, emailAddress = admin@betarho.net
    verify return:1
    depth=1 C = ES, ST = Barcelona, O = BetaRho, CN = pfSense Intermediate CA, emailAddress = admin@betarho.net
    verify return:1
    depth=0 CN = pfSense Web UI, C = ES, ST = Barcelona, L = Barcelona, O = BetaRho
    verify return:1

and everything is good in that case.
The bug seems easy to replicate. Unless I am doing something wrong and it's not a bug, of course; I am by no means an expert on managing CAs and certificates.
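Added example, not part of the report above or of TrueNAS: it builds a throwaway root / intermediate / leaf chain with openssl and verifies the leaf twice the way a client that trusts only the root does. The first run has only the leaf available (the situation the TrueNAS output shows, verify error 20); the second also has the intermediate the server should present (the pfSense case). All names and the hostname are constructed.

```shell
#!/bin/sh
# Constructed demo chain; nothing here touches a real CA or host.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Issue a cert: $1 name, $2 subject, $3 signing cert, $4 signing key, $5 extensions
issue() {
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "$2" 2>/dev/null
  printf '%b' "$5" > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$3" -CAkey "$4" -CAcreateserial \
    -days 2 -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

gen_chain() {
  # Self-signed root: the offline CA that a client has in its trust store
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" -days 2 \
    -subj "/CN=Example Root CA" 2>/dev/null
  issue inter "/CN=Example Intermediate CA" "$WORK/root.pem" "$WORK/root.key" \
    'basicConstraints=critical,CA:TRUE,pathlen:0\nkeyUsage=critical,keyCertSign,cRLSign'
  issue leaf "/CN=freenas.example.test" "$WORK/inter.pem" "$WORK/inter.key" \
    'basicConstraints=CA:FALSE\nsubjectAltName=DNS:freenas.example.test'
}

# Verify the leaf as a client that trusts only the root would.
# $1 = file of extra certs the server presented with the leaf (may be empty).
# Prints "ok" or "fail"; openssl's own error text is left in $WORK/verify.log.
verify_served() {
  if [ -s "$1" ]; then
    openssl verify -CAfile "$WORK/root.pem" -untrusted "$1" "$WORK/leaf.pem" \
      > "$WORK/verify.log" 2>&1 && echo ok || echo fail
  else
    openssl verify -CAfile "$WORK/root.pem" "$WORK/leaf.pem" \
      > "$WORK/verify.log" 2>&1 && echo ok || echo fail
  fi
}

gen_chain
: > "$WORK/none.pem"   # server presented the leaf only (the TrueNAS case)
echo "leaf only:           $(verify_served "$WORK/none.pem")"
grep -o 'unable to get local issuer certificate' "$WORK/verify.log" || true
echo "leaf + intermediate: $(verify_served "$WORK/inter.pem")"
```

If a server's chain fails only in the first form, the fix is on the server side: it must send the intermediate along with the leaf, since clients are not expected to fetch it themselves.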