There are two types of certificate authorities (CA):-
Certificates are issued by a trusted certificate authority. If a certificate was not issued by a trusted CA, the connecting device (usually a web browser) checks where the issuing CA got its own certificate. The browser keeps checking up the line of issuers until a trusted CA is found. If none is found, the connecting device shows an error. The list of certificates from the root CA to the end-user certificate is called a chain. When the whole chain consists of untrusted certificates, it is known as an invalid certificate chain. This also affects the redirection to HTTPS.
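The issuer walk described above can be sketched as follows. This is an added example, not Beagle's code: it is a simplified model in which the `Cert` type, the `build_chain` function and all certificate names are constructed for illustration, and signatures and validity dates are not checked.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str   # who the certificate identifies
    issuer: str    # who signed it (equal to subject when self-signed)

def build_chain(leaf, presented, trust_store, max_depth=8):
    """Follow issuer links from the leaf until a trusted CA is reached.

    Returns (ok, chain, reason). Real validators also verify each
    signature, validity period and CA constraint; this model only
    shows the path-building step the text describes.
    """
    by_subject = {c.subject: c for c in presented}
    chain, current = [leaf.subject], leaf
    while len(chain) <= max_depth:
        if current.issuer in trust_store:
            if current.issuer != current.subject:
                chain.append(current.issuer)
            return True, chain, "trusted CA found"
        if current.issuer == current.subject:
            # Reached a root that nobody in the trust store vouches for.
            return False, chain, "self-signed certificate is not a trusted CA"
        parent = by_subject.get(current.issuer)
        if parent is None:
            return False, chain, "issuer not supplied and not trusted"
        if parent.subject in chain:
            return False, chain, "issuer loop"
        chain.append(parent.subject)
        current = parent
    return False, chain, "chain too long"

# Constructed sample data (hypothetical names).
TRUST = {"Example Root CA"}
INTER = Cert("Example Intermediate CA", "Example Root CA")
LEAF = Cert("www.example.test", "Example Intermediate CA")
PRIV_ROOT = Cert("Private Root", "Private Root")
PRIV_INTER = Cert("Private Intermediate", "Private Root")
PRIV_LEAF = Cert("www.example.test", "Private Intermediate")

if __name__ == "__main__":
    print(build_chain(LEAF, [INTER], TRUST))                       # valid chain
    print(build_chain(LEAF, [], TRUST))                            # missing intermediate
    print(build_chain(PRIV_LEAF, [PRIV_INTER, PRIV_ROOT], TRUST))  # wholly untrusted
```

The third call is the invalid certificate chain case: every certificate links to its issuer, but the walk ends at a root that is not in the trust store.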
Using this vulnerability, an attacker can:-
Beagle recommends the following:-