Comment 35 for bug 476683

Ron, This would appear to be a cPanel issue so I'll raise a bug on them. The basic issue is the delivery of the intermediate issuing CA from the cPanel web server on port 2096. It doesn't send it, so on first load you have an incomplete chain. If you happen to go the port 443 your browser will use AIA to grab the issuing CA or it will be correctly delivered by cPanel and you'll have fixed your issue. I've detailed my findings in the attached PDF. 2028.globalsign.com is from a different issuing CA so that will not clear the issue for you. I hope that's clear. In part it explains why it was hard to replicate when the original bug was created.