US English (US)
FR French
DE German
ES Spanish
IT Italian
NL Dutch
JP Japanese

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

  • Contact Us
English (US)
US English (US)
FR French
DE German
ES Spanish
IT Italian
NL Dutch
JP Japanese
  • Home
  • CyberFOX DNS Filtering
  • Filtering Policies

Installing SSL/TLS Certificates to Display Block Pages on HTTPS Websites

Written by Owen Parry

Updated at August 5th, 2025

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

  • AutoElevate Knowledgebase
    New to AutoElevate? START HERE General & Troubleshooting Managing Rules Integrations Announcements FAQ Sales & Marketing How to Videos
  • Password Boss Knowledgebase
    Using Password Boss Business Administration Password Boss Partner Documents
  • CyberFOX DNS Filtering
    Getting Started Filtering Policies Company and Location Setup Roaming Clients Reporting and Logging
  • Marketing Toolkit
    MSP Marketing & Education Toolkit
  • Changelogs for Autoelevate and Password Boss
  • Current Status
+ More

Table of Contents

Step 1: Download the Root Certificate Step 2: Rename the Certificate Step 3: Install the Certificate On Windows On macOS On Linux Step 4: Verify Troubleshooting Common Issues ❌ Browser Warning: “Your connection is not private” ❌ Certificate Not Trusted ❌ Block Page Not Displaying ❌ Still Seeing the .pem Extension

Need this to be working before final version can be published. All of the steps need to be tested and documented.

This article explains how to install a root SSL/TLS certificate to enable CyberFOX’s Block Page on HTTPS-based websites. While content will still be blocked without this certificate, installing it ensures users see a branded block page instead of a browser error.

<insert example browser error page for SSL>

<insert branded browser block page for SSL>

If you deploy the DNS Filter Agent, the CyberFOX Root Certificate will automatically be installed as part of the agent installation. 

Installing the SSL Certificate is optional but recommended for a seamless user experience

For deployments not using an agent, you can manually install the SSL certificate by following the steps below:

Step 1: Download the Root Certificate

Download the root certificate from CyberFOX: 👉 https://cdn.passwordboss.com/dns-client/rootCA.pem

Step 2: Rename the Certificate

The downloaded file is in .pem format. For compatibility with some systems, rename it to:

CyberFOXrootCA.cer

Step 3: Install the Certificate

On Windows

  1. Double-click CyberFOXrootCA.cer.
  2. Click Install Certificate.
  3. Choose Local Machine and click Next.
  4. Select Place all certificates in the following store.
  5. Browse to Trusted Root Certification Authorities.
  6. Click Next, then Finish.

On macOS

  1. Open CyberFOXrootCA.cer with Keychain Access.
  2. Drag it into the System keychain.
  3. Double-click the certificate, expand Trust, and set When using this certificate to Always Trust.
  4. Close and authenticate to save.

On Linux

  1. Copy the file to /usr/local/share/ca-certificates/.
  2. Run:
   sudo update-ca-certificates

Step 4: Verify

Visit a blocked HTTPS site. If the certificate is installed correctly, the DNSFilter Block Page should appear instead of a browser warning.

Troubleshooting Common Issues

❌ Browser Warning: “Your connection is not private”

  • Cause: The certificate may not be installed in the correct store.
  • Fix: Reinstall the certificate and ensure it’s placed in the Trusted Root Certification Authorities store (Windows) or System keychain (macOS).

❌ Certificate Not Trusted

  • Cause: The certificate may not be marked as trusted.
  • Fix: On macOS, open Keychain Access, double-click the certificate, and set Always Trust under the “Trust” section.

❌ Block Page Not Displaying

  • Cause: The certificate is missing or improperly installed.
  • Fix: Confirm the certificate is installed and trusted. Also, ensure DNSFilter is configured to show block pages.

❌ Still Seeing the .pem Extension

  • Cause: File extensions may be hidden by default.
  • Fix: Ensure the file is renamed to CyberFOXrootCA.cer and not CyberFOXrootCA.cer.pem.
audit mode autoelevate

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Disabling Password Boss on Websites
  • Disabling Password Boss on Websites Within the Partner Portal
  • Configuring Block Pages
  • Creating Custom Categories
  • Products
    • Privileged Access Management
    • Password Management
  • Solutions
    • For MSPs
    • For IT Pros
    • By Industry
  • Resources
    • Weekly Demos
    • Events
    • Blog
    • FAQ
  • Company
    • Leadership
    • Culture + Values
    • Careers
    • Awards
    • News & Press
    • Trust Center
    • Distributors
  • Get Pricing
  • Free Trial
  • Request a Demo
  • Support
  • Login
  • Contact
4925 Independence Parkway
Suite 400
Tampa, FL 33634
CALL US (813) 578-8200
  • Link to Facebook
  • Link to Linkedin
  • Link to Twitter
  • Link to Youtube
© 2023 CYBERFOX LLC ALL RIGHTS RESERVED  |  Privacy Policy

Knowledge Base Software powered by Helpjuice

Expand