I work for a large company and our security certificates update regularly. Sometimes we get prompted to accept the new ones, but not always. For example; our rootca was updated a few months ago and when the old one expired users could not use Outlook of Skype for Business. Even if they got the new cert it would be marked as untrusted. What we are trying to figure out is if there is a way to force MacOS to recognize when there is a new certificate available or if there is a way to use scripting to automatically trust new certificate for our domain. We do not have any infrastructure to deploy configuration profiles and there is no foreseeable intentions to implement anything. What are our options?