The essential guide to SSL/TLS security & certificate automation ...

### Why does my certificate say "not trusted" even though it's valid? A certificate can show “not trusted” even when it’s valid because something in the trust chain, configuration or browser environment is incorrect. Here are the most common reasons: 1. **Missing intermediate certificates.** If the server isn’t sending the full certificate chain, browsers can’t verify the link between your certificate and the root authority. 2. **Wrong domain name (hostname mismatch).** The certificate must match the exact domain the user is visiting (including subdomains like … vs. non-www). 3. **Untrusted Certificate Authority (CA).** The certificate was issued by a CA that isn’t in the browser’s trusted root store, common with private, internal or self-signed certs. 4. **Outdated device or browser.** Older systems may not recognize newer root certificates, causing trust errors even for fully valid certs. 5. **Mixed HTTP/HTTPS resources.** If secure pages pull in insecure content or scripts, some browsers show warnings that resemble trust issues.