Hello 51080275,
Thank you for posting in Q&A forum.
To fix this issue, AD users logging into the website can upload the root certificate and password provided by the AD CA Administrator.
A1: Do you mean users can upload the root CA certificate to Certificates-Local Computer\Trusted Root Certification Authorities\Certificates on their machine?
When a user accesses the website, logging in with a valid AD logon, the website will show the website is not secure and a closer look reveals that the root certificate is missing.
A: Where does the user logon and access the website? If the users log on the domain-joined machines, and if it is indeed the root certificate missing issue, you can try to import the root CA certificate into Trusted Root Certification Authorities\Certificates on their machines.
You can also install certificates into Certificates-Local Computer\Trusted Root Certification Authorities\Certificates via GPO (below) on Domain Controller.
Computer Configuration\Policies\Windows Settings\Security Settings\Publish Key Policies\Trusted Root Certification Authorities
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.