Install the Root CA

To successfully enable HTTPS inspection for web policies, SSL decryption for DNS policies, or to render a block page correctly when an identity attempts to visit a blocked HTTPS website, a root certificate must be installed in all the browsers in all your managed devices, see Manage Certificates.

For web policies, to take full advantage of the feature set available to Umbrella's secure web gateway (SWG) you must enable HTTPS inspection. If you do not enable this, Umbrella cannot perform file inspection, URL matching, advanced application controls, or provide URL-level visibility for HTTPS transactions.

For DNS policies, to enable SSL decryption, you must also enable intelligent proxy. Because most web pages are served over HTTPS, the efficacy of the intelligent proxy is increased dramatically when SSL decryption is also enabled.

For both web and DNS policies, for Umbrella to properly display a block page, a root certificate must be installed for all browsers. When an identity visits a blocked HTTPS website, even without HTTPS inspection or SSL decryption enabled, Umbrella will not downgrade the HTTPS protocol to HTTP when serving a block page. Therefore, if a root certificate is not installed, the web browser will not display the block page correctly.

Steps to install a root certificate vary based on the operating system, browser type, and policy types. For more information and procedures, see Manage Certificates.

---

Migration from Umbrella Roaming Client < Install the Root Certificate > Automatic Updates