I had the same issue before, had todo with the order of the certs that
reside inside your ssl_certificate file.
You need to include all intermediate CA certs in this file, and have them
in the right order.
All I had to do was reverse the order of the certs within that file, and my
problem was solved.
Your server cert should be on top, then simply go down the CA chain.
PS. My config looks like:
listen 443 default ssl;
ssl_protocols SSLv3 TLSv1;