Adding Enterprise Trusted Root CA

[minow2]

hey,

one thing i didnt understand, the policy will add a file name from a specific path, the "protocol" / "location" to bring the file is not secure / protected location so why a 3rd party cannot just "forge" the file / manipulate the user to download the certificate file from this location and not my real certificate ?

i think it sound better to just put the certificate's base64 on the configuration property on via GPO / Plist configuration?

[mkaply]

A certificate authority can just be installed by clicking it on the web.

There's no way to trick a person into using policy.