Deploy SSL Certificate Using Active Directory

Introduction

Installation of the DNSFilter SSL Root certificate is required in order to access block pages via HTTPS. Without the certificate installed, a certificate error will display instead of a block page.

The certificate is available in the DNSFilter Dashboard, in the Tools --> SSL Certificate section.
Note: MSP organizations automatically download the whitelabeled version, which uses an alternative name in the certificate and instructions.


Active Directory and Group Policy

  1. On a domain controller in the appropriate forest, start the Group Policy Management snap-in.
  2. Find an existing Group Policy Object (GPO) or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit (OU) where the appropriate user and computer accounts reside.
  3. Right-click the GPO, and then click Edit.
  4. In the console tree, open Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies, right-click Trusted Root Certification Authorities, and then click Import.
  5. On the Welcome to the Certificate Import Wizard page, click Next.
  6. On the File to Import page, type the path to the appropriate certificate file (DNSFilter.cer), and then click Next.
  7. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
  8. On the Completing the Certificate Import Wizard page, verify that the information you provided is accurate, and then click Finish.

Firefox

Firefox uses its own certificate store, which means deploying the SSL certificate to the Windows system store will not have any effect when using Firefox.

Instead, this can be accomplished by distributing a JavaScript include file to each machine.

Download the file: firefox-windows-truststore.js

Target #1: C:\Program Files\Mozilla Firefox\defaults\pref\firefox-windows-truststore.js
(32-bit installations)
Target #2: C:\Program Files (x86)\Mozilla Firefox\defaults\pref\firefox-windows-truststore.js
(64-bit installations)

Because Firefox only started shipping 64-bit versions for Windows as of August 2017, it's best to specify both targets.

Credit to Thomas Leister for this method/information.
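
A client-side check for the two procedures above, as an added example that is not part of the original article or DNSFilter's own tooling: it confirms that the root certificate reached the machine's Trusted Root store through Group Policy, then copies the Firefox file to whichever target folder exists. The C:\Deploy paths are assumed download locations; run it elevated after the client has refreshed policy (gpupdate /force).

```powershell
# Added example. $CertPath and $PrefFile are assumed locations of the two
# files downloaded per the article; adjust them to your environment.
param(
    [string]$CertPath = 'C:\Deploy\DNSFilter.cer',
    [string]$PrefFile = 'C:\Deploy\firefox-windows-truststore.js'
)
$ErrorActionPreference = 'Stop'

# Thumbprint of the exact certificate file that was imported into the GPO.
$cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
             (Resolve-Path $CertPath).Path)
$thumb = $cert.Thumbprint

# Logical machine Root store: what Windows applications actually trust.
$inStore = Test-Path "Cert:\LocalMachine\Root\$thumb"

# Group Policy stores its trusted roots under this policy key, which tells a
# GPO-delivered certificate apart from one that was imported by hand.
$gpoKey = "HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\$thumb"
$viaGpo = Test-Path $gpoKey

# Both Firefox targets from the article; only folders that exist are used.
$targets = @(
    'C:\Program Files\Mozilla Firefox\defaults\pref',
    'C:\Program Files (x86)\Mozilla Firefox\defaults\pref'
)
$firefox = foreach ($dir in $targets) {
    if (Test-Path $dir) {
        Copy-Item -Path $PrefFile -Destination $dir -Force
        $dest = Join-Path $dir (Split-Path $PrefFile -Leaf)
        [pscustomobject]@{
            Target    = $dest
            # Confirm the copy is byte-identical to the downloaded file.
            HashMatch = (Get-FileHash $PrefFile).Hash -eq (Get-FileHash $dest).Hash
        }
    }
}

[pscustomobject]@{
    Subject        = $cert.Subject
    Thumbprint     = $thumb
    NotAfter       = $cert.NotAfter
    InRootStore    = $inStore
    DeliveredByGpo = $viaGpo
}
$firefox
```

If InRootStore is true but DeliveredByGpo is false, the certificate was installed by some means other than the GPO, which is worth reconciling before relying on the policy for removal or rotation.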
