Installing SSL/TLS Certificates to Display Block Pages on HTTPS Websites
Table of Contents
Need this to be working before final version can be published. All of the steps need to be tested and documented.
This article explains how to install a root SSL/TLS certificate to enable CyberFOX’s Block Page on HTTPS-based websites. While content will still be blocked without this certificate, installing it ensures users see a branded block page instead of a browser error.
<insert example browser error page for SSL>
<insert branded browser block page for SSL>
If you deploy the DNS Filter Agent, the CyberFOX Root Certificate will automatically be installed as part of the agent installation.
Installing the SSL Certificate is optional but recommended for a seamless user experience
For deployments not using an agent, you can manually install the SSL certificate by following the steps below:
Step 1: Download the Root Certificate
Download the root certificate from CyberFOX: 👉 https://cdn.passwordboss.com/dns-client/rootCA.pem
Step 2: Rename the Certificate
The downloaded file is in .pem
format. For compatibility with some systems, rename it to:
CyberFOXrootCA.cer
Step 3: Install the Certificate
On Windows
- Double-click
CyberFOXrootCA.cer
. - Click Install Certificate.
- Choose Local Machine and click Next.
- Select Place all certificates in the following store.
- Browse to Trusted Root Certification Authorities.
- Click Next, then Finish.
On macOS
- Open
CyberFOXrootCA.cer
with Keychain Access. - Drag it into the System keychain.
- Double-click the certificate, expand Trust, and set When using this certificate to Always Trust.
- Close and authenticate to save.
On Linux
- Copy the file to
/usr/local/share/ca-certificates/
. - Run:
sudo update-ca-certificates
Step 4: Verify
Visit a blocked HTTPS site. If the certificate is installed correctly, the DNSFilter Block Page should appear instead of a browser warning.
Troubleshooting Common Issues
❌ Browser Warning: “Your connection is not private”
- Cause: The certificate may not be installed in the correct store.
- Fix: Reinstall the certificate and ensure it’s placed in the Trusted Root Certification Authorities store (Windows) or System keychain (macOS).
❌ Certificate Not Trusted
- Cause: The certificate may not be marked as trusted.
- Fix: On macOS, open Keychain Access, double-click the certificate, and set Always Trust under the “Trust” section.
❌ Block Page Not Displaying
- Cause: The certificate is missing or improperly installed.
- Fix: Confirm the certificate is installed and trusted. Also, ensure DNSFilter is configured to show block pages.
❌ Still Seeing the .pem Extension
- Cause: File extensions may be hidden by default.
-
Fix: Ensure the file is renamed to
CyberFOXrootCA.cer
and notCyberFOXrootCA.cer.pem
.