In this article
When using DNSFilter, you may notice a certificate error similar to the images below when attempting to visit a blocked domain over HTTPS:
Why does this happen?
If a domain is blocked, DNSFilter responds with an IP address of our block page server. If the blocked domain was accessed via HTTPS, the browser asks for the SSL Certificate for the domain, but receives a certificate for blocked.dnsfilter.com instead. The browser recognizes this as a mismatch and thus displays an error. This effect is common among all content and security filtering solutions and is a consequence of HTTPS.
How can it be fixed?
If you manage the site endpoints
There are several options to easily deploy the SSL certificate, including automatic installation with our Roaming Clients.
This is recommended because it allows your users to see the notification that a site is being blocked, instead of thinking that there is a problem with their browser or computer.
If you have a site with unmanaged endpoints (Guest Wi-Fi etc.)
You will likely not have the opportunity to deploy the certificate unless providing instructions and the certificate to their user base through a captive portal or provide education in some other manner.
However, this SSL certificate is optional to provide the “You are blocked” notification—Blocking is active regardless of if the certificate is installed or not.
Comments
0 comments
Please sign in to leave a comment.