An internal web site uses a domain.corp name.
The site has a certificate issued by a custom root CA and a custom intermediate CA.
This is how to make clients trust it across the entire internal domain.
Get the Certificates
-open INTERNET-EXPLORER (as-admin).
-go to site with custom security.
-view certificate.
-click DETAILS
-click COPY-TO-FILE.
-save type as BASE-64-ENCODED (not DER).
-save as: sub.domain.tld.cer
-click CERTIFICATION-PATH
-click the INTERMEDIATE certificate (the one in the middle).
-click VIEW-CERTIFICATE.
-click DETAILS.
-click COPY-TO-FILE.
-save type as BASE-64-ENCODED (not DER).
-save as: intermediate-hostname-as-in-certificate.cer
-click CERTIFICATION-PATH
-click the ROOT certificate (the one at the top).
-click VIEW-CERTIFICATE.
-click DETAILS.
-click COPY-TO-FILE.
-save type as BASE-64-ENCODED (not DER).
-save as: root-hostname-as-in-certificate.cer
FOR SINGLE PC CLIENT
-open cmd.
-type: mmc
-add/remove snap-ins
-open CERTIFICATES
-select COMPUTER-ACCOUNT
-expand to TRUSTED-ROOT-CERTIFICATION-AUTHORITIES > CERTIFICATES
-right-click CERTIFICATES
-click IMPORT
-select root-hostname-as-in-certificate.cer
-expand to INTERMEDIATE-CERTIFICATION-AUTHORITIES > CERTIFICATES
-right-click CERTIFICATES
-click IMPORT
-select intermediate-hostname-as-in-certificate.cer
Reboot system.
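
Scripted form of the single-PC import above, as an added example that is not part of the original notes. Because the root was exported from the site itself, the script first compares it with a thumbprint obtained separately from the CA administrator, then checks that the three exported files form one chain, and only then imports. The $ExpectedRootThumbprint parameter and the Read-Cert helper are assumptions of this example; the file names are the ones used in the export steps.

```powershell
# Added example. Run from an elevated PowerShell prompt in the export folder.
param(
    [string]$RootFile = 'root-hostname-as-in-certificate.cer',
    [string]$IntermediateFile = 'intermediate-hostname-as-in-certificate.cer',
    [string]$SiteFile = 'sub.domain.tld.cer',
    # Assumption: SHA-1 thumbprint of the root, obtained from the CA administrator.
    [Parameter(Mandatory)][string]$ExpectedRootThumbprint
)
$ErrorActionPreference = 'Stop'

function Read-Cert([string]$Path) {
    # The X509Certificate2 constructor accepts Base-64 and DER encoded .cer files.
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path $Path).Path)
}
$root = Read-Cert $RootFile
$intermediate = Read-Cert $IntermediateFile
$site = Read-Cert $SiteFile

# 1. The file about to become a trust anchor must be the CA you think it is.
$expected = ($ExpectedRootThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($root.Thumbprint -ne $expected) { throw "Root thumbprint $($root.Thumbprint) does not match the expected value." }

# 2. A root is self-issued; anything else belongs in the intermediate store.
if ($root.Subject -ne $root.Issuer) { throw "$RootFile is not self-signed." }

# 3. Build the chain from the exported files and check the signatures.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: CRL may be unreachable here
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'  # root not trusted yet
[void]$chain.ChainPolicy.ExtraStore.Add($intermediate)
[void]$chain.ChainPolicy.ExtraStore.Add($root)
if (-not $chain.Build($site)) {
    throw "Chain failed: $(($chain.ChainStatus | ForEach-Object Status) -join ', ')"
}
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
if ($top.Thumbprint -ne $root.Thumbprint) { throw 'Chain does not end at the exported root.' }

# 4. Same stores as the MMC steps: Root = Trusted Root CAs, CA = Intermediate CAs.
Import-Certificate -FilePath $RootFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $IntermediateFile -CertStoreLocation Cert:\LocalMachine\CA | Out-Null

# 5. Confirm both certificates are now present in the machine stores.
Get-Item "Cert:\LocalMachine\Root\$($root.Thumbprint)", "Cert:\LocalMachine\CA\$($intermediate.Thumbprint)" |
    Select-Object Subject, Thumbprint, NotAfter
```
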
FOR GROUP POLICY DOMAIN
-start new GP
-click COMPUTER > POLICIES > WINDOWS-SETTINGS > SECURITY-SETTINGS > PUBLIC-KEY-POLICIES
-click TRUSTED-ROOT-CERTIFICATION-AUTHORITIES
-click IMPORT
-select root-hostname-as-in-certificate.cer
-expand to INTERMEDIATE-CERTIFICATION-AUTHORITIES
-click IMPORT
-select intermediate-hostname-as-in-certificate.cer
Firefox to Trust
-open FIREFOX
-in address bar, type: about:config
-accept the warning message that appears.
-type: security.enterprise_roots.enabled
-toggle to TRUE (default is FALSE).
Test
To test, either visit the site or install OpenSSL on the system and check manually:
echo GET | openssl s_client -connect processes.domain.corp:443