Hello everyone,

I am in the process of implementing an internal Certificate Authority on a
client's network. The CA will issue certificates to several intranet web
apps that will be accessible to remote users. I would like to
programmatically add the Root CA cert to the users' Trusted Root CA store.

I have reviewed dseveral articles offering example code on how to achieve
this using the CEnroll ActiveX control, incluing MS KB 297681. However, all
of the methods I have seen, attempt to add the Root CA cert to the users'
store, without checking first if they already have it installed. I need to
accomplish this in a cleaner way.

I need to check the user's cert store to see if the Root CA cert is already
listed in the Trusted Root CA store. I would then, either redirect the user
to a page that explains why they need to install the certificate and prompts
to them to install it; or if they already trust the Root CA, redirect them
to the web app.

Is there a way I can use the CEnroll ActiveX control to find out if my Root
CA is already trusted by the user? Or would this be a security issue? I
reviewed the CEnroll ActiveX control on the MSDN site, and did not see a
property or method that would allow me to accomplish this.

Thank you,

Dmitry Akselrod