[curiousstranger]

As a guy who does security for a living, and is having this same problem, that warning may be "normal" but it certainly isn't a good idea. Teaching customers to click "Trust always" without giving them any way to verify that the certificate is, actually, something they should trust is bad practice. Trusted root certificates is one way to do that, but at the very least, they should display a fingerprint on the server and client side that can be compared.