At work we had the problem, that our web-sites had valid certificates signed by an CA, but we still had the “This connection is untrusted” problem.
So we found out, that our certificate chain was not delivered by the webserver, because it was not stored on it 😉
In our case we fixed it by downloading the certificate chain at DFN and included the certificate beneath public and private keys in our apache configuration (in sites-available/default-ssl could be httpd.conf too)
The following line is normally commented out in the configuration file.
SSLCertificateChainFile /path/to/chain/certificate/cert-chain.pem
Some links:
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
https://www.pki.dfn.de/
http://www.spline.de/index.php/Howtos:DFN-CA_ZertifikateServer