It's worth noting that the only thing that makes a certificate "trusted" in the traditional sense is that you know who signed it. Some browsers and most operating systems come with a list of "trusted" certificate authorities (CAs) that verify that a certificate is legitimate. 

The same is true for workplaces: What you tend to see (especially in bigger companies) are in-house certificate authorities whose integrity-checking certificate is installed on every laptop and desktop the company owns. The net result of this is that it's much easier for a company to sign certificates for internal use, but they'll still show a warning if any of those systems are accessed from outside (as the outside device won't have the ...