"This certificate was signed by an untrusted issuer": what's causing such an error?

I am having trouble with a specific financial services provider; every time I try to visit myvisaaccount.com to check my card balance etc, I get the dreaded Chrome red strikethrough https and x-ed out padlock, with dire warnings about an insecure connection. If I try Safari or Firefox I get different visuals but the same message: invalid security certificate.

However, tech support for VISA does not see this problem from their own home or office computers.

So I am trying to find out why my OSX Lion laptop hates this web site so much. I have got into the Keychain Access tool and I have no personal certificates: empty list. System (and Root) Certificates are all up to date, with no anomalous descriptive text. And yes, my system date/time is correct and I am in the right time zone, and I am getting my date/time from Apple N America timeserver.

[Screenshot of failing certificate]

I am thoroughly out of ideas and very frustrated with this problem. What more can I do to diagnose or fix it?


Too much to post in a comment so I posted as an answer.

The reason that you are being told the certificate for https://www.myvisaaccount.com/ is not safe is that the root certificate that has been used to sign the www.myvisaaccount.com certificate is not valid on your system.

If you open the Keychain Access application and enter "Entrust" in the search box you should be present with something like seven certificates. Check the expiry date on the one titled "Entrust Root Certification Authority - G2". My guess is that it will have expired.

Screenshot of Keychain Access with Entrust certificates

If the certificate has expired (or does not exist at all), a potential fix for this is to just download and install a new "Entrust Root Certification Authority - G2" certificate. You can find the certificate on Entrust's website here. Just click the "Download" button under the G2 part of that page, this will download a "entrust_g2_ca.er" file to your Mac. Open that and it should automatically open the KeyChain Access application. By default it will likely offer to install to your "login" keychain, change that to add it to your "System" keychain.

It looks like you'll need to install the L1K certificate as well. Install both and then the certificate for the www.myvisaaccount.com should be validated as trusted.