Branded Blocked Webpage - No Certificate Required
Eric Nix
I was messing around with ControlD's config pages for a family member's network and found their branded block page. Basically it allows you to specify the URL of an image (e.g., hosted locally or Imgur, etc.) with some basic text (header, description) and ability to link a website or email address.
DNSFilter should consider this option. It does not require installing a certificate on each client.
Deon
Any customised block page will always require a root cert installation to work on HTTPS purely because of how HTTPS works. It's inherent to the trust process. It's even in the ControlD docs. If you install the agent app, the app installs the root cert for you - just like the DNSFilter agent.
We could definitely use the custom link option though, because that would allow us to redirect users directly to a form and funnel it through to our helpdesk directly rather than via email.
Eric Nix
Deon Maybe that was it -- I had the profile installed on my phone when testing. It wasn't installed on my computer though, and I recall it presenting me with the block page.
Deon
Eric Nix it will still work for HTTP-only pages without a cert (obviously). So, it is entirely possible you just got lucky/didn't realise/etc. But yes, HTTPS will always require a root cert. Both fortunately and unfortunately.
I understand the want for not having to require a root certificate though, because that opens up its own set of security risks.