How to Install and Trust DNS Firewall Block Page Certificate

This procedure outlines the installation of a Root CA certificate for the Block Domain Error Page.

DNS Firewall custom block landing page presents an SSL certificate to browsers that make connections to HTTPS sites that are blocked. If the OryxLabs DNS Firewall Root CA is not trusted by your browser, an error may be displayed such as "The security certificate presented by this website was not issued by a trusted certificate authority" (Internet Explorer), "The site's security certificate is not trusted!" (Google Chrome) or "This Connection is Untrusted" (Mozilla Firefox). Although the error is expected, the messages displayed can be confusing and you may wish to stop them from appearing.

To avoid these errors entirely, install the OryxLabs DNS Firewall Root CA in your browsers.

Prerequisite: Download Root CA File

• Login to the https://dnsfirewall.oryxlabs.com/login
• Download Root CA certificate file from the DNS Firewall UI by navigating to Policies > Custom Block Page.

Install Root CA on Browsers

Firefox

• Download the Root CA certificate file [OryxLabs.pem] from the UI.
• Open Settings → Privacy & Security.
• Scroll down to Certificates and click View Certificates...
• In the Authorities tab, click Import.
• Select the OryxLabs.pem file.
• Check Trust this CA to identify websites then click OK.

Chrome, Chromium

• Download the Root CA certificate file [OryxLabs.pem] from the UI.
• Open Settings → Privacy & Security.
• Scroll down to Security and click Manage certificates...
• Navigate through the Certificate Import Wizard
• Select the OryxLabs.pem file.
• Check Trust this certificate for identifying websites then click OK.

Install Root CA on Operating Systems

macOS

• Download, Root CA certificate file [OryxLabs.pem] from the UI.
• Open the OryxLabs.pem file, the Keychain Access.app will be launched with the list of Certificates installed on your computer.
• Double-click on DNS Firewall Root CA in that list.
• Under Trust, choose Always Trust for Secure Socket Layers (SSL).
• Close the window and provide password to confirm the change.

Windows

• Download, Root CA certificate file [OryxLabs.pem] from the UI.
• Open the OryxLabs.pem file, the Certificate window will open.
• Click on Install Certificate.

Linux

For linux operating system install and configure Root CA certificate on browsers installed on the system. Refer: [Install Root CA on Browsers]

iOS

• Download, Root CA certificate file [OryxLabs.pem] from the UI.
• Open the Settings app, then go to General → Profiles.
• Open DNS Firewall Root CA, then Install.
• In the Settings app, go to General → About → Certificate Trust Settings.
• Enable Full Trust for DNS Firewall Root CA.

Note: If you have downloaded the profile for iOS from the UI, the Root CA is already embedded to the configuration profile.

Android OS

• Download, Root CA certificate file [OryxLabs.pem] from the UI.
• Open the downloaded OryxLabs.pem file.
• When asked, name the certificate DNS Firewall.