This is the hard part. Unless it's company hardware there is absolutely no way I am installing a new root cert on my machine.