when you create a Microsoft Active Directory with a CA.
then join computers to the domain.
These computers will have the CA as a trusted authority installed on them.
So all the certificates you issue from that CA will be trusted then by these computers and no longer generate that error message in the browser.