I am going to assume that if you’re reading this you know what the job of a Certificate Authority (CA) is. If not, give the following a read: http://en.wikipedia.org/wiki/Certificate_authority.
In this article I am going to pick on GoDaddy, but I want to be clear that they’re not the only offender: VeriSign, arguably the largest CA, has the same problem!
Warning: many references to the word “certificate” to follow!
Okay, let’s first start by looking at the issuer contents of a certificate signed by GoDaddy:
# openssl x509 -in signed_cert.crt -issuer -noout
issuer= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
The problem with the above is not that it was signed incorrectly, but that it was signed by an intermediate certificate and not by the CA’s root certificate. In most cases, simply adding the respective intermediate certificate to your web server config (see the Apache example below) will be sufficient for browsers to “trust” this certificate; however, Firefox and IE7 are notorious for not doing so (more on that below).
SSLCACertificateFile /path/to/certs/gd_intermediate.crt
In the case of Firefox (and sometimes IE7), the browser doesn’t always have a trust chain back to the root CA via the intermediate issuer and thus reports the certificate as “untrusted.” There are two options here: (1) you can import the CA’s intermediate certificate into each user’s browser, which obviously doesn’t scale; or (2) create a PKCS#7 certificate that includes the certificate chain back to the CA’s root certificate:
# openssl crl2pkcs7 -nocrl -certfile <ssl_public_crt> \
    -certfile <intermediate_crt> -outform PEM -out <new_pkcs7_crt>
Using method #2 will result in an updated certificate, which will need to be assigned to your respective web service rather than the certificate returned from your CA (Apache example below):
SSLCertificateFile /path/to/certs/<new_pkcs7_crt>
You should no longer have certificate trust issues. Happy times!
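As an added example (not part of the original post, and not GoDaddy’s own files; every file name below is an assumption), here is a small POSIX shell script that builds the leaf-plus-intermediate bundle and performs the two checks worth running before restarting the web server: that the bundle is ordered leaf first, then its issuer, and that the leaf only verifies back to the root once the intermediate is supplied, which is exactly what a browser without the intermediate fails to do.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a leaf + intermediate
# PEM bundle and checks it with the openssl CLI. File names are assumptions.
set -eu

# Concatenate the leaf and then each intermediate into one PEM file.
# Apache's SSLCertificateChainFile takes the intermediates; some servers
# take this combined file (leaf first) instead.
build_chain() {   # build_chain OUT LEAF INTERMEDIATE...
    out=$1; shift
    cat "$@" > "$out"
}

# Number of certificates in a PEM bundle.
cert_count() {
    grep -c 'BEGIN CERTIFICATE' "$1"
}

# Succeeds only if each certificate in the bundle is issued by the one
# after it (leaf -> intermediate -> ...). A bundle in the wrong order is a
# common reason a server still shows up as "untrusted".
chain_is_ordered() {
    tmp=$(mktemp -d)
    awk -v d="$tmp" '/BEGIN CERTIFICATE/{n++} {print > (d "/c" n ".pem")}' "$1"
    n=$(cert_count "$1"); i=1; ok=0
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$tmp/c$i.pem" -noout -issuer)
        subject=$(openssl x509 -in "$tmp/c$((i + 1)).pem" -noout -subject)
        [ "${issuer#issuer=}" = "${subject#subject=}" ] || ok=1
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$ok"
}

# Verify LEAF against ROOT, optionally supplying INTERMEDIATES as untrusted
# certs. Without them this is what a browser lacking the intermediate sees.
chain_verifies() {   # chain_verifies ROOT LEAF [INTERMEDIATES]
    if [ "$#" -ge 3 ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}
```

Run `chain_is_ordered` on the bundle you are about to hand to Apache and `chain_verifies` with and without the intermediate; the second call should fail and the third succeed.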
You missed two directives from the Apache configuration. To install an SSL certificate signed by an intermediate CA you must install the intermediate certificate bundle (in the case of GoDaddy, gd_intermediate_bundle.crt) on your web server. You do not need OpenSSL. Just copy your SSL certificate file and the intermediate bundle file to your Apache server. You should already have a key file on the server from when you generated your certificate request.
Edit your Apache configuration (httpd.conf or ssl.conf) and set the values of these directives to the absolute path and filename of the appropriate file:
SSLCertificateFile /path/to/your/certificate/file
SSLCertificateKeyFile /path/to/your/key/file
SSLCertificateChainFile /path/to/intermediate/bundle/file
Save your configuration file and restart Apache!
Sounds easy?
Daniel