Looks are everything, right?

A friend just got this note from an executive responsible for a subsidiary of his company:

I keep getting complaints from our clients regarding our secure website. For some reason when our clients' members click from their sites to the our secure site they get the message [pictured] below. They can still click through to the web site, but it scares members. I also get this same message when I am accessing our secure site. Is there anyway to get rid of this message so our site looks secure?

Of course I added the emphasis to the text, but I'm not sure what is more concerning, the fact that this problem has been outstanding for 2 years (as per my friend's info) with the an open ticket(s) for a new certificate, or that management is more interested in the site "looking" secure.