Page History
...
One drawback when using the above approach is that a web browser attempting to access a shrine host whose certificates have been configured this way will generate a warning. The reason for the warning is that, by default, the browser does not trust the CA that is used to generate the downstream certificate is not recognized by default as a trusted CA. Consequently, any certificate that the CA signs is not accorded with trust trusted by the browser. While the browser can be configured to ignore the warning and the CA can be manually imported into the browser's trust store, some downstream sites may opt for a more elegant approach.
...
Overview
Content Tools