CERT_AUTHORITY_INVALID

The server responded with a certificate that is signed by an authority that is not trusted. This could mean:

1. An attacker substituted the real certificate with a certificate that contains an attacker-controlled public key and is signed by an untrusted authority.
2. The server operator has a legitimate certificate from a CA that is not in the trust store but should be trusted.
3. The server is presenting a self-signed certificate, providing no defense against active attackers (but foiling passive attackers).