Page History
...
One drawback when using the above approach is that a web browser attempting to access a shrine host whose certificates have been configured this way will generate a warning. The reason for the warning is that, by default, the browser does not trust the CA that is used to generate the downstream certificate, because none of the ACT CAs are public. Consequently, any certificate that the CA signs is not trusted by the browser. While the browser can be configured to ignore the warning and the CA can be manually imported into the browser's trust store, some downstream sites may opt for a more elegant approach.
...
Overview
Content Tools