guettli

Reputation: 27806

Detect insecure SSL connection

We are running an intranet application which uses a self-signed SSL cert.

The customer does trust our CA.

We have been doing it this way for several years.

On some PCs our CA was not imported and the user gets the warning from the browser every day.

Unfortunately the users do not tell us this, they just say "accept cert" again and again.

Is there a way to detect the trust of the page?

We are running the web application and would like to get a note, if a browser does accept the cert manually. Then we can get in touch with the admin of the PC and send him a hint that a PC does not trust our CA yet.

Maybe it is possible to detect this via JavaScript?

This is good: ssl-ok

We want to get a note if it looks like this: ssl-no-ok

Update: I am not responsible for the client PCs. I do not have access to them to install or manage certs.

Upvotes: 6

Views: 424

Answers (2)

DysphoricUnicorn

Reputation: 552

This is possible; however, browser support is not very high at the moment. If you can live with not supporting anything but Chromium-based browsers and Firefox (these do make up the majority of user agents), you can use

window.isSecureContext

to find out if the browser trusts your cert. So in order to log every time someone does not trust your cert you could do:

if (!window.isSecureContext){
    //do ajax call
}

Upvotes: 5

Devator

Reputation: 3904

The information is not exposed through JavaScript (reference: Is there a way to get SSL certificate details using JavaScript?).

Depending on the situation, you can:

1) Use a group policy to deploy your CA to all PCs
2) Use other management software to deploy the CA
3) Use an actual trusted certificate authority (by either purchasing a certificate or using Let's Encrypt)

This is a non-exhaustive list, so if you have more information about your environment, I can possibly give other options.

Upvotes: 0
