Install the Root Certificate

To successfully enable HTTPS inspection for Web policies, SSL decryption for DNS policies, or to render a block page correctly when an identity attempts to visit a blocked HTTPS website, a root certificate must be installed in all browsers on all of your managed devices. See Manage Certificates.

For Web policies, to take full advantage of the feature set available to Umbrella's secure web gateway (SWG) you must enable HTTPS inspection. If you do not enable HTTPS inspection, Umbrella cannot perform file inspection, URL matching, advanced application controls, or provide URL level visibility for HTTPS transactions.

For DNS policies, to enable SSL decryption you must also enable the intelligent proxy. Because most web pages are served over HTTPS, the efficacy of the intelligent proxy is increased dramatically when SSL decryption is also enabled.

For both Web and DNS policies, for Umbrella to properly display a block page a root certificate must be installed for all browsers. When an identity visits a blocked HTTPS website, even without HTTPS inspection or SSL decryption enabled, Umbrella will not downgrade the HTTPS protocol to HTTP when serving a block page. Therefore, if a root certificate is not installed the web browser will not properly display the block page.

Steps to perform this installation procedure vary based on the operating system, browser type, and policy types. For more information and procedures, see Manage Certificates.

Enable the Umbrella SWG Agent < Install the Root Certificate > IPv4 and IPv6 DNS Protection Status