this is a two part post. Mods please feal free to move this post to proper section as no https inspector subsection exists right now.
should explain how to add the root cert in a group policy if its in a domain.
like how the ad login script page works
how to install the cert into group policy:
1.) open group policy management editor
2.) open default domain policy
3.) go to computer configuration>Policies>Windows Settings>Security Settings> Public Key
4.) right click on trusted root and click import
5.) select untangles cert and hit next and Finnish
6.) reboot every workstation or run a gpupdate /force for new setting to take effect.