Network Filtering
      Back to home
      1. Help Center
      2. Setup Guides
      3. Network Filtering

      Install SSL certificate to display Block Page over HTTPS sites

      Follow this article to install the SSL/TLS certificate for Zorus Network Security (ZNS) to display Block Pages over https websites.

      This is an optional step—content will still be blocked without the certificate—however the page will load a certificate mismatch error instead of the Block Page.

      Install the SSL Certificate 

      Use these resources to install the SSL Certificate. 

      Important: Firefox uses its own Certificate Store, so environments that use the Firefox will need to update the browser certificate separately. Mozilla's wiki and support documentation walk through the process for Windows, macOS, and Linux environments.

      Download the certificate to the Downloads folder to begin the installation regardless of OS or tool. 

      Windows

      Run this command in an Administrative Command Prompt (requires Administrator privileges). Edit %username% to match the current user:

      certutil -addstore -enterprise -f "Root" "C:\Users\%username%\Downloads\NetAlerts.cer"

      Active Directory via Group Policy Object (GPO)

      1. Open Windows Server Manager and navigate to Group Policy Management
      2. Select the Organizational Units (OUs) to apply the policy
      3. Right click and select Create a new GPO and link it to the OU
      4. Name the GPO
      5. Edit the GPO:
        1. Select Policies
        2. Select Windows Settings
        3. Select Security Settings
        4. Select Public Key Policies
        5. Select Trusted Root Certificate Authorities
      6. Right click and select Import
      7. Click through the dialogs to the option to select a file
      8. Import the certificate

      macOS

      Copy the command into Terminal.app to complete the installation (requires admin "sudo" password):

      sudo /usr/bin/security add-trusted-cert -d -r trustRoot -p ssl -p basic -k /Library/Keychains/System.keychain ~/Downloads/NetAlerts.cer

      This bash script will also download and install the SSL certificate to a macOS system:

      #!/bin/bash
      curl https://app.dnsfilter.com/certs/NetAlerts.cer -o /tmp/NetAlerts.cer
      sudo /usr/bin/security add-trusted-cert -d -r trustRoot -p ssl -p basic -k /Library/Keychains/System.keychain /tmp/NetAlerts.cer

      Linux

      Run these commands in Terminal to install the certificate: 

      sudo mkdir /usr/local/share/ca-certificates/
      sudo wget -P /usr/local/share/ca-certificates/NetAlerts.cer https://app.dnsfilter.com/certs/NetAlerts.cer
      sudo update-ca-certificates

      PowerShell

      This PowerShell script will download the certificate to the temp folder, and then install it to the system and enable Firefox to use the system certificate store.

      This is useful to mass deploy the certificate with RMM tools.

      $url = 'https://app.dnsfilter.com/certs/NetAlerts.cer'

      $File = "C:\Windows\Temp\NetAlerts.cer"

      (New-Object System.Net.WebClient).DownloadFile($url, $file)

      & certutil -addstore -enterprise -f "Root" $File

      if(Test-Path "C:\Program Files\Mozilla Firefox\defaults\pref\") {Set-Content "C:\Program Files\Mozilla Firefox\defaults\pref\firefox-windows-truststore.js" "pref('security.enterprise_roots.enabled', true);"}