Some secure web-sites with certificates from trusted authorities have incorrect configuration such that they don't include a chain of intermediate certificates of trust when serving their own certificate.
If you have a system/browser that has seen its share of valid certificates, such intermediaries may already be cached, and you won't be getting any error messages, even if their web-server configuration is still wrong as above.
However, if you're using a freshly installed browser on a fresh system, and such intermediaries weren't cached yet, and the certificate presented by the web-server is missing an appropriate chain of intermediaries, then you get an error message.
Here's an official explanation by a Mozilla developer in a Mozilla.org mailing list:
http://www.mail-archive.com/dev-security@lists.mozilla.org/msg02155.html
Bottom line: it is the fault of the web-site, even if it only happens in your freshly installed browser, and works fine elsewhere.
How they've fixed it in plain English:
They bought their certificate from a reseller of trust, and their web-server must have only been serving one certificate — their own — which your browser doesn't trust directly, since they bought it from a reseller you've never heard of.
Now, instead of serving just one certificate, they serve two right at the same time — their own ("*.upc.biz") and that of some certificate reseller ("AlphaSSL CA - G2"), and the certificate of such reseller completes the trust, since you now see that someone whom you trust ("GlobalSign Root CA") has vouched for such reseller of trust.
You can see more details about exact names involved here:
http://www.digicert.com/help/?host=web.upc.biz
Some other web-sites buy their certificates directly from a trusted authority, and not from a reseller, so, they only need to serve their own certificate, and everything will still be tip-top.
For example, linode.com bought their certificate directly from Equifax, which Mozilla trusts directly, so there's no need for Linode to include any copies of any certificates other than their own.
If someone is looking at this from a sysadmin perspective: http://serverfault.com/questions/532262/why-is-firefox-23-showing-untrusted-connection-errors contains useful info.
– kqw – 2014-03-28T14:09:58.863