The server doesn't send all required intermediate certificate to make it possible for Firefox to build a certificate chain that ends with a builtin root certificate. The server also supports only weak cipher suites and doesn't support TLS 1.3 so is quite behind on security.

• https://www.ssllabs.com/ssltest/analyze.html?d=charts.londonstockexchange.com
• This server's certificate chain is incomplete. Grade capped to B.

Issuer 	GeoTrust TLS RSA CA G1
AIA: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Do NOT set trust bits on an intermediate certificate when prompted. Trust bits are only required for trusted root certificates and should never be set on an intermediate certificate.

The server needs to send the full certificate chain and include all required intermediate certificates. Firefox will cache intermediate certificates send by a server in the Certificate Manager for future use.

If you have visited a website that has send this intermediate certificate in the past then Firefox will not display the error page when you visit a server that doesn't send this intermediate certificate.

Thank you for the reply. I understand most of what you are saying, but just to clarift - is there anything I can do to fix the problem or is it down to the website in question?

Many thank again!

You can contact the website and ask them to fix this, but for now you can fix this by importing the missing intermediate certificate via the GeoTrustTLSRSACAG1.crt AIA link I posted above.

• http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt

Firefox will prompt to set some trust bits, but you shouldn't tick any of the boxes because that is only required for a trusted root certificate and not for intermediate certificates.