Not sure about appending it to existing data though, still working on that one?
You do need to restart IE after the import.These settings do not apply to Synchronous WinInet calls.Note These settings apply to Internet Explorer and Asynchronous WinInet calls only.Note You must use both the registry values listed in step 3 to control the Internet Explorer internal resolver cache mechanism.When you bring up the certificate details you are looking at the website cert, and not the CA cert.Once you have imported the CA, you do not need to import the regular website cert.CA Root is not trusted." This is the certificate that you want to import into the Trusted Root Certificate Authority.During this period, some host entries stop working because of change in the IP address of the remote server that was initially resolved.If your environment has a number of clients that are connecting and are all performing DNS lookups every 30 minutes, you may experience an unwanted increase in network traffic.For example, to set the time-out value to 10 minutes, use a value of 600 seconds.The General tab will say, "This certificate cannot be verified." You need to select the CA by clicking on the Certification Path tab, and selecting the top most cert in the path.Internet Explorer.x and later versions modify how DNS host entries are cached by decreasing the default time-out value to 30 minutes.That cert will get matched up to the CA you just imported, and IE will treat everything as working normally.More information warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system.The accepted answer is wrong.You do not need to run IE as Admin, and you do not need to add the site to trusted sites first.The GPO method mentioned everywhere on the internet didnt work for.It should have a red X icon, and should say, "This CA Root certificate is not trusted because." Click the View Certificate button, and on this new General tab you should see, "This.
2.Locate and click the following key in the registry: Settings.On the Edit menu, click Add Value, and then add the following registry values: Value Name: DnsCacheTimeout Data Type: REG_dword Radix: Decimal Value: (time in seconds).

How to install the CA Root Cert, and not the Website Cert: (IE8, Win7).