OS X Not Trusting Thawte Primary Root CA - G3


Just spoke w/ Thawte support via chat and they have confirmed it's a problem and an open case w/ Apple (since July 31, 2014) on the issue. No response / ETA on a fix as of yet.

Author: David QC
Updated on September 18, 2022

Comments

  • David QC
    David QC over 1 year

    We recently renewed our Nginx webserver's Thawte SSL certificate. Previously we'd been using SHA1 as the signing algorithm, but this time used SHA256 which leads to a new root certificate known as "thawte Primary Root CA - G3" (this can be found on their website - not enough rep to post the link).

    Since rolling out we started getting calls from customers using OS X about getting the error "This certificate was signed by an unknown authority" when browsing to the https page.

    Thawte's certificate checker is perfectly happy with our installed certificate chain: https://ssltools.thawte.com/checker/views/certCheck.jsp (we have our certificate, plus "thawte Extended Validation SHA256 SSL CA" intermediate in the pem file)

    After testing, we found the error occurs under Safari, Opera and Chrome on OS X, all versions. Firefox was OK under OS X (I believe it ships with its own certificate trust store). All browsers seem OK under Windows.

    When we checked the OS X Access Keychain, we found the thawte Primary Root CA - G3 WAS installed, but somehow the browser wasn't managing to complete the chain.

    Here's a test site (not ours) using the same intermediate and root which exhibits exactly the same symptoms under OS X:

    https://ssltest8.bbtest.net/

    Can anyone explain why OS X is not recognising the root CA for this site as being trusted when it is installed in the Access Keychain of OS X 10.9 by default?

    • carpii
      carpii over 9 years
      I have seen this issue in the wild too, with OSX and a Thawte issued cert. For me it appears to be resolved, possibly by an OSX update in the past few days
    • Admin
      Admin about 9 years
      Same thing for the DigiCert Intermediate Certificate. I am seeing the error on Apple MAC while using this certificate.
    • Nishanth
      Nishanth over 8 years
      I have a similar problem with the G2 (not G3) certificate from within OSX and the Debian/Ubuntu console. The information on the Thawte website is not up to date either.
  • David QC
    David QC over 9 years
    Thawte just emailed me with the same info that the root cert in question is not valid for EV certificates. Looks like using a SHA256 cert + the Thawte SHA1 root is the interim solution until Apple fix it. Thanks.
  • DaveM
    DaveM over 9 years
    FYI, GlobalSign's SHA256 chain link seems to be fine on MacOS.
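The thread turns on whether the client can build a path from the server's leaf certificate to a root it trusts. The script below is an added demonstration, not code from the thread or from Thawte, Apple or nginx: it builds a throwaway root, a second unrelated root, an intermediate and a server certificate with OpenSSL (all names are constructed), then runs `openssl verify` three ways. It shows the general mechanics of chain completion, with the server supplying the intermediate, the server omitting it, and the client trusting a different root; it does not reproduce Apple's EV-specific policy for the G3 root that Thawte's email refers to.

```shell
#!/bin/sh
# Added demonstration: build a throwaway root -> intermediate -> leaf chain
# and verify the leaf the way a browser does. Every name is constructed.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Extensions for CA certificates (root and intermediate).
cat > ca.ext <<'EOF'
basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign,cRLSign
EOF

# Extensions for the server (leaf) certificate.
cat > leaf.ext <<'EOF'
basicConstraints=CA:FALSE
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectAltName=DNS:www.example.test
EOF

# Key + CSR helper: $1 = file stem, $2 = subject CN.
mkcsr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
}

# Self-signed root, standing in for a root such as "thawte Primary Root CA - G3".
mkcsr root "Demo Root CA G3"
openssl x509 -req -in root.csr -signkey root.key -days 2 -sha256 \
  -extfile ca.ext -out root.pem 2>/dev/null

# A second, unrelated root: what the client trusts if it only has an older root.
mkcsr other "Demo Root CA G2"
openssl x509 -req -in other.csr -signkey other.key -days 2 -sha256 \
  -extfile ca.ext -out other.pem 2>/dev/null

# Intermediate issued by the root (the "SHA256 SSL CA" role in the thread).
mkcsr int "Demo SHA256 Intermediate CA"
openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 2 -sha256 -extfile ca.ext -out int.pem 2>/dev/null

# Server certificate issued by the intermediate.
mkcsr leaf "www.example.test"
openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
  -days 2 -sha256 -extfile leaf.ext -out leaf.pem 2>/dev/null

# What the web server should send (nginx ssl_certificate): leaf first, then intermediate.
cat leaf.pem int.pem > chain.pem

# check TRUSTED_ROOT [SERVED_CHAIN]: prints OK or FAIL, always returns 0.
check() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" leaf.pem >/dev/null 2>&1 && echo OK || echo FAIL
  else
    openssl verify -CAfile "$1" leaf.pem >/dev/null 2>&1 && echo OK || echo FAIL
  fi
}

# Root trusted, server sends leaf + intermediate: path builds, browser is happy.
verify_chain_served() { check root.pem chain.pem; }
# Root trusted, server sends only the leaf: client cannot find the issuer.
verify_leaf_only()    { check root.pem ""; }
# Server is configured correctly, but the client trusts a different root.
verify_other_root()   { check other.pem chain.pem; }

echo "root trusted, leaf+intermediate served : $(verify_chain_served)"
echo "root trusted, intermediate missing     : $(verify_leaf_only)"
echo "different root trusted, chain served   : $(verify_other_root)"
```

The second and third cases both surface to a user as an "unknown authority" error, so the first thing to check on a live host is what it actually sends: `openssl s_client -connect host:443 -servername host -showcerts` prints every certificate the server presents, and if the intermediate is not among them the client has to locate it on its own, which is where platforms and browsers differ.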