Root certificate in Microsoft Windows (and thus Internet Explorer (6 and 7 tested)) are in the registry at key HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\Root\Certificates\. In order to add your own certificate in it, I suggest to do the following.
.reg file..reg file.
This is done with the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Set the value SecureProtocols to a REG_DWORD with value 160.
To add a particular site into a zone it works like this. Under the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ you can add website. For example for https://*.tchetch.net/ as a trusted site :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tchetch.nethttps as REG_DWORD with value 2.
If you want to add http://*.tchetch.net as Intranet website you'll do the first step as before and the second step is :
http as REG_DWORD with value 1.
Now if you want to add a subdomain, say http://maps.google.com as Intranet website :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.comHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\mapshttp as REG_DWORD with value 1 to the previous key (but not to the first).
Options for zone are in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\. If you want to configure Intranet zone, it's under key 1, trusted site under key 2 and so on (look in the value of those key to know which zone is which value).
As options are identified by value like 1604 for “Mixed content”, I suggest you work with diff to find out which options you need.