We would like to enable HTTP authentication for our BM 3.8 SP2 HTTP Proxy
but during testing I have noticed a few problems:

The authentication is SSL, so the user is prompted to click a security box
to accept the certificate. You then have to log in, and are then prompted
to click Yes/No again as you are moving from a secure to a non-secure
site. All of our users involved in the testing have said that this is far
too long-winded to be useable.
I know that we can use CLNTRUST for users on our LAN, so this will not be
an issue as it uses SSO instead, but what of our remote users, of whom we
have many ?
We can issue instuctions on how they can import our rootcert.der manually,
but we would like to import this certificate to all users browsers
automatically. Can this be done, maybe with ZEN ? Also, how do we stop
the 'site is insecure' message once authenticated ? IE setting ? If so,
can we apply a change globally again to stop this too ?