Actually, it is (they're using an EV certificate from DigiCert).
The problem here is that their servers are misconfigured-- they're not sending the whole certificate chain (missing DigiCert's EV server intermediate CA). This caps their score on SSL Labs and apparently breaks the Comodo analyzer.
Doesn't seem to be anything else wrong, or anything that (AFAIK) impacts security. Just a performance problem (the browser has to download the missing intermediate if it's not already present in its cache).
> they're not sending the whole certificate chain (missing DigiCert's EV server intermediate CA)
This is probably the most common issue I see when people configure their https. It happens all the time and unless you test all the browser/system combinations, you won't even know that.
(Or unless you use ssllabs - they do a good job of showing the issue)
> the browser has to download the missing intermediate if it's not already present in its cache
Note that not all browsers support fetching the intermediate certificate if it's missing (one example being Firefox), so visitors might very well see interstitials if the intermediate certificate hasn't been seen (cached) before.
This seems to be due to an incomplete certificate chain, which is probably also the reason why Comodo's SSL Analyzer says the certificate isn't trusted. Only browsers that have previously cached the intermediate certificate (or those that automatically fetch them) would trust this certificate.
Without the chain issue, this would be an A or A+, unless I'm missing something.
The problem here is that their servers are misconfigured-- they're not sending the whole certificate chain (missing DigiCert's EV server intermediate CA). This caps their score on SSL Labs and apparently breaks the Comodo analyzer.
Doesn't seem to be anything else wrong, or anything that (AFAIK) impacts security. Just a performance problem (the browser has to download the missing intermediate if it's not already present in its cache).