Reestablishing secure communication with a server after the server's certificate is renewed with a certificate authority unknown to the client

摘要

Secure communication with a server can be reestablished after the server's certificate is renewed with a certificate authority unknown to a client. When a server's certificate is renewed with a CA whose certificate does not exist in a client's certificate store, the client will not be able to authenticate the server using SSL unless the CA's certificate is added to the certificate store. When a client is not updated to include the CA's certificate and therefore fails to authenticate the server, a web-based application on the client can perform a fallback authentication process to securely and automatically add any necessary CA certificates to the certificate store thereby eliminating the need for an administrator to manually install the necessary CA certificates.