3

We have a custom CA for our local domains.

The Root CA certificate is installed on all the corporate machines by default, but sometimes it happens that we have someone here who doesn't have it installed.

If the user a) accesses our intranet using HTTP or b) accepts the server certificate, I would like to redirect the user to a site which tells them what happened and how they can install the root CA.

The only solution I found was the following:

<img src="https://the_site/the_image" onerror="redirectToCertPage()">

This is barely a work-around and not really a solution. It can be triggered by problems other than the missing certificate.

Are there any better solutions on how to solve this problem?

Zulakis

3 Answers

0

Yeah, installing the certificate automatically with a GPO would be a better solution.

HopelessN00b
  • It is on company computers. But it's a problem if I need to show an external person (e.g. a customer) something on the external device, or if you've got 'Bring your own device' in your company, or when you are in a school in which teachers bring their own laptops... There are many cases when you cannot deploy the CA directly. – Zulakis Aug 18 '12 at 12:45
0

Looks like there is no better solution.

If anyone knows one, feel free to answer and I will accept it as best answer.

Zulakis
0

A general approach might be to offer a starting point on HTTP that redirects to HTTPS and explains that if a user sees an "unknown certificate" warning he has to install the CA (refer to the browser documentation on how to do this) because...

Nils
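The image probe from the question, combined with the HTTP starting point from the last answer, as an added example that is not code from any poster in this thread: a second probe over plain HTTP acts as a control, so an unreachable server is not mistaken for a missing root CA. The host name `intranet.example`, the file paths and the function names are assumptions.

```javascript
// Added example. All URLs and names are placeholders, not values from the thread.
// Use a probe host the user has not already accepted a certificate exception for,
// otherwise the HTTPS probe loads even without the root CA installed.
const PROBE_HTTPS = "https://intranet.example/probe.png"; // certificate issued by the internal CA
const PROBE_HTTP = "http://intranet.example/probe.png";   // same file, no TLS involved (control)
const CA_HELP_PAGE = "/install-root-ca.html";
const HTTPS_START = "https://intranet.example/";

// Turn the two probe results into a decision.
function classifyProbe(httpsOk, httpOk) {
  if (httpsOk) return "trusted";     // certificate chain validated in this browser
  if (httpOk) return "tls-problem";  // host reachable, only HTTPS failed: missing root CA is likely
  return "unreachable";              // both failed: network or server problem, not a certificate one
}

// Browser-only loader: resolves true on load, false on error or timeout.
function loadImage(url, timeoutMs = 5000) {
  return new Promise((resolve) => {
    const img = new Image();
    const timer = setTimeout(() => resolve(false), timeoutMs);
    img.onload = () => { clearTimeout(timer); resolve(true); };
    img.onerror = () => { clearTimeout(timer); resolve(false); };
    img.src = url + "?t=" + Date.now(); // avoid a cached copy masking a failure
  });
}

// The loader is injectable so the logic can be exercised outside a browser.
async function checkRootCa(load = loadImage) {
  const [httpsOk, httpOk] = await Promise.all([load(PROBE_HTTPS), load(PROBE_HTTP)]);
  return classifyProbe(httpsOk, httpOk);
}

// Runs only in a browser, and only makes sense on the plain-HTTP start page:
// an HTTPS page would block the HTTP control image as mixed content.
if (typeof window !== "undefined") {
  checkRootCa().then((result) => {
    if (result === "trusted") window.location.replace(HTTPS_START);
    else if (result === "tls-problem") window.location.replace(CA_HELP_PAGE);
    // "unreachable": stay on the start page and let the user retry
  });
}
```

A "tls-problem" result still covers other TLS failures such as an expired certificate or a name mismatch, so the help page should say the root CA is the likely cause, not the only one.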