If it is untrusted, you also won’t have a TLS connection be established based on that CA.