The server presents an SSL/TLS certificate with issues such as expiration, hostname mismatch, self-signed certificate, or use of a weak signing algorithm.
Certificate issues undermine trust in the secure connection. Users may be trained to ignore security warnings, and attackers may exploit certificate weaknesses to perform man-in-the-middle attacks.
Obtain certificates from trusted Certificate Authorities. Ensure certificates match the server hostname. Implement certificate monitoring for expiration. Use certificates with SHA-256 or stronger signing algorithms. Implement certificate transparency monitoring.