The certificate is not trusted, because the issuer has it self signed.
HTTP Strict Transport Security: false
HTTP Public Key Pinning: false
This problem occurs only with self signed certs.
In NS there is no authrity which could be installed as trusted, so you have no chance to get this cert accepted by newer browsers, because there is no possibility to give an execption.
Chromium based brwoser changed from SSL with CN (common name) to SSL with SAN (Subject Alternative Name).
The rootCA-auth.crt is a rootCA which can be used as authority when installed in the machines trusted authority datadase. Once installed every server which uses a cert signed by this authority is accepted, in this case it’s server.crt.
So that’s not a problem (IMVHO).
Many devices currently supports TLS over HTTP, and i have a lot of self signed certificates memorized into my browsers. NethServer is a small exception when i have static IP AND hostname, so Letsencrypt solved the issue.
Devices that i use that are using self-signed certificates:
Switches
Printers
Access Point
Firewall appliances
IP-Enabled cordless phones
DSL Routers
And I’m glad that TLS is used, because i can publish (if i want) the devices for remote monitoring. Even with account login data…
Install (moreover, manage) a CA when it’s useful only for have fewer clicks on self-signed certificates… it’s an overkill.