We have developed a common ASP.NET web app that requires SSL. Our client is a CA and they issued a new certificate for this app. The problem is that their certificate is not present on most systems as a trusted root yet. Clients are therefore getting security warnings in their browsers, and we think that they are discouraged from proceeding.
Is there any way to detect whether the browser trusts the web app's certificate, or whether it has the required authority certificate in its trusted roots? This way we could at least display some instructions about certificates and point them to the CA's page to download it.
Not directly, as that would be a great vector for people to phish for exploits. All you could really do is have an HTTP page that leads to your HTTPS page, and then you can track (with a cookie) the user through the transition. I've not tried it, but there might be some terrible hack wherein you navigate an iframe and, if it succeeds, it then uses the various hackish cross-document communication methods to inform the HTTP page that the user will have a shock (or not) when they transition to the HTTPS page.
The real solution is for your client to have a CA that is trusted by one of the global root providers. Encouraging folks to trust certs from private CAs isn't great.
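
Added example, not part of the original answer: a client-side check that the plain-HTTP landing page could run before sending users on to the HTTPS site. It swaps the iframe idea for an image request and assumes a hypothetical probe image on the HTTPS host and a hidden element with id `cert-help` holding the instructions; a failed load only says the request did not complete, which also covers network errors.

```javascript
// Runs on the HTTP landing page. Requests a tiny image from the HTTPS site:
// the browser silently refuses the load when it rejects the certificate.
// Results: "ok" (TLS accepted), "failed" (cert rejected OR network error),
// "timeout" (no answer in time). deps exists only so the logic can be tested.
function probeHttpsSite(probeUrl, onResult, deps) {
  deps = deps || {};
  var ImageCtor = deps.Image || Image;
  var setTimer = deps.setTimeout || setTimeout;
  var clearTimer = deps.clearTimeout || clearTimeout;
  var done = false;
  var timer = null;

  function finish(result) {
    if (done) return;            // report exactly once
    done = true;
    if (timer !== null) clearTimer(timer);
    onResult(result);
  }

  var img = new ImageCtor();
  img.onload = function () { finish("ok"); };
  img.onerror = function () { finish("failed"); };
  timer = setTimer(function () { finish("timeout"); }, deps.timeoutMs || 5000);

  // Cache-buster so a previously cached image does not hide a TLS failure.
  var sep = probeUrl.indexOf("?") === -1 ? "?" : "&";
  img.src = probeUrl + sep + "t=" + Date.now();
}

// Browser wiring. The URL and element id are placeholders (assumptions).
if (typeof document !== "undefined") {
  probeHttpsSite("https://app.example.com/probe.gif", function (result) {
    var help = document.getElementById("cert-help");
    if (help && result !== "ok") {
      help.style.display = "block";   // show the CA installation instructions
    }
  });
}
```

Treat the result as a hint for showing help text only: the HTTP page itself can be modified in transit, so nothing security-relevant should depend on it.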