Hazardous (3)
N/A
Recommended Mitigation
Access the domain through a modern browser to see if the user is alerted on the certificate's status. Since root certificates can be manually added to browsers, review if the Root CA listed in the certificate is indeed universally recognized. Some public websites are aimed for internal use, by trusting members of the root authority and in those cases a universally trusted CA is not required (although is still considered a best practice). In case this website is intended for public use, be sure to create the certificate using a reputable source