Follow this article to install the SSL/TLS certificate for Zorus Network Security (ZNS) to display Block Pages over https websites.
This is an optional step—content will still be blocked without the certificate—however the page will load a certificate mismatch error instead of the Block Page.
Install the SSL Certificate
Use these resources to install the SSL Certificate.
Important: Firefox uses its own Certificate Store, so environments that use the Firefox will need to update the browser certificate separately. Mozilla's wiki and support documentation walk through the process for Windows, macOS, and Linux environments.
Download the certificate to the Downloads folder to begin the installation regardless of OS or tool.
Windows
Run this command in an Administrative Command Prompt (requires Administrator privileges). Edit %username% to match the current user:
certutil -addstore -enterprise -f "Root" "C:\Users\%username%\Downloads\NetAlerts.cer"
Active Directory via Group Policy Object (GPO)
- Open Windows Server Manager and navigate to Group Policy Management
- Select the Organizational Units (OUs) to apply the policy
- Right click and select Create a new GPO and link it to the OU
- Name the GPO
- Edit the GPO:
- Select Policies
- Select Windows Settings
- Select Security Settings
- Select Public Key Policies
- Select Trusted Root Certificate Authorities
- Right click and select Import
- Click through the dialogs to the option to select a file
- Import the certificate
macOS
Copy the command into Terminal.app to complete the installation (requires admin "sudo" password):
sudo /usr/bin/security add-trusted-cert -d -r trustRoot -p ssl -p basic -k /Library/Keychains/System.keychain ~/Downloads/NetAlerts.cer
This bash script will also download and install the SSL certificate to a macOS system:
#!/bin/bash
curl https://app.dnsfilter.com/certs/NetAlerts.cer -o /tmp/NetAlerts.cer
sudo /usr/bin/security add-trusted-cert -d -r trustRoot -p ssl -p basic -k /Library/Keychains/System.keychain /tmp/NetAlerts.cer
Linux
Run these commands in Terminal to install the certificate:
sudo mkdir /usr/local/share/ca-certificates/
sudo wget -P /usr/local/share/ca-certificates/NetAlerts.cer https://app.dnsfilter.com/certs/NetAlerts.cer
sudo update-ca-certificates
PowerShell
This PowerShell script will download the certificate to the temp folder, and then install it to the system and enable Firefox to use the system certificate store.
This is useful to mass deploy the certificate with RMM tools.
$url = 'https://app.dnsfilter.com/certs/NetAlerts.cer'
$File = "C:\Windows\Temp\NetAlerts.cer"
(New-Object System.Net.WebClient).DownloadFile($url, $file)
& certutil -addstore -enterprise -f "Root" $File
if(Test-Path "C:\Program Files\Mozilla Firefox\defaults\pref\") {Set-Content "C:\Program Files\Mozilla Firefox\defaults\pref\firefox-windows-truststore.js" "pref('security.enterprise_roots.enabled', true);"}