In our case, the customer is installing our .NET application which is running a local website (on localhost via Kestrel). To make the website run secure (https), we create a self-signed certificate, add it to the system keychain and trust it (at least before Sequoia) - all automatically by the installation process. Since trusting it is no longer possible because of the behavior change, what is the recommended approach to handle our case? I don't think we can use any MDM solution since it's our customer who is handling and installing our software (without MDM requirement or prerequisite). So I'm looking for a proper way to still have our deployed website run secure on his end (without extra user interaction).