That's an interesting problem you have stated! Now, if i understand it right 1. You are ok with the users being redirected to a website and installing the Cert 2. What the actual problem is the fact that the users are unable to add the certs without instruction and/or the instructions are difficult to follow 3. We cannot use the GPO technically as they are not a part of the domain and hence we cannot push the certificates Now, I am making some assumptions 1. All the intended clients are Windows - Multiple versions of them may be 2. All the users may not have administrative access on their computer - A little far fetched but still a remote possibility Solution : We create an installer using C#, which does this for them. Then we can send the installer and not the certificate file. A simple Next, Next Installation will be far easier to follow. Since we are talking windows, a simple c# program will be sufficient. 1. Convert the Certificate as a x509 format (Open SSL should be able to do this fairly simply) 2. You could create a C# Forms Application with the main install button performing the following string certFile; // Contains name of certificate file X509Store store = new X509Store(StoreName.Root, StoreLocation.CurrentUser); store.Open(OpenFlags.ReadWrite); store.Add(new X509Certificate2(X509Certificate2.CreateFromCertFile(certFile))); store.Close (); This will add the Certificate into the Users Root CA (Not the computer account) - Which is sufficient for our purposes If thats not a possibility, then create a batch bile 2 (Onother Option) . Create a batch file with the content (Name the file installCert.bat or something) certmgr /add certFile.cer /s Root And give the certificate in x509 format and the batch file in the same folder. Once people click on the batch file the cert will be installed Please let me know if you have questions HTH! Hardik So, just cl
... View more
.png "Satish"){kind=avatar}
