Okay, I understood it as the CA certificate was signed by a "trusted" root CA (one already present/trusted by user's browsers). Glad to hear I'm wrong. Thanks.