Since when does a desktop application need to ask the user anything to install a cert programmatically? Enforced desktop sandboxing hasn't really taken off.
But then why do you need the DNS/hosts file hack? You can issue a self-signed cert to localhost/127.0.0.1, put it in the user’s trust store and call it a day.
