If this trust evaluation fails, the client refuses to connect. This can happen for a variety of reasons, some benign—the server might be using a self-signed certificate, an intermediate certificate is missing, and so on—and some malicious—the server is an impostor, looking to steal the user’s data. This document describes the reasons why server trust evaluation can fail, and how this problem can be resolved while not compromising the user’s security.

Source: Technical Note TN2232: HTTPS Server Trust Evaluation