Install the CA to avoid certificate errors

5min

When you try to open an Https blocked website for security policies, a browser certificate warning message appears.
To avoid this issue you can install our Certification Authority (CA) on your devices.
It's possible to perform a manual installation or a massive deployment under Microsoft Active Directory Server.
﻿1. MANUAL INSTALLATION
Logon with an administrative account on the device.

 download the Certification Authority on the Desktop.

Unzip the WebFilter.zip file and right-click on the extracted WebFilter.crt file. Click [Install certificate] from the menu.
Choose to install the certificate for Local Machine and press [Next] to continue. 
﻿
﻿
Choose Place all certificates in the following store and then click on the [Browse...] button.
﻿
﻿
Highlight Trusted Root Certification Authorities and then confirm with [OK]. Finally, click [Finish] to complete the CA installation.

N.B If it does not work on mozilla firefox, please refer to the following guide﻿.
﻿2. INSTALLATION USING ACTIVE DIRECTORY GPO
Certification Authority using the Group Policy in a Microsoft Active Directory environment.
NOTE: In the following guide we'll explain how to create the policy with Microsoft Windows Server 2012 but the steps are silimar also with the other versions of Windows.

Log into your Active Directory Server, using an administrative account and download the Certification Authority on the Desktop.

Unzip the WebFilter.zip file and right click on the extracted WebFilter.crt file.

Open the group policy management console by running gpmc.msc command. 
﻿
﻿
Choose your domain, right click and select Create a GPO in this domain and link it here.
﻿
﻿
Type a name for your GPO and click [OK] to create it.
﻿
﻿
Righ click on the policy you've just created and then select [Edit]. In the new window navigate to Computer Configuration->Policies->Windows Settings->Security Settings->Public Key Policies.
﻿
﻿
Right click on the Trusted Root Certification Authorities entry and click [Import].
﻿
﻿
Click [Next] and then click [Browse...] to choose our Certification Authority.
﻿
﻿
Select the extracted certificate, called WebFilter.crt, you saved before on your Desktop and click [Open]. Click [Next] to proceed.
Choose Place all certificates in the following store and then click on the [Browse...] button.
Highlight Trusted Root Certification Authorities and then confirm with [OK]. Then confirm with [Next].
Finally, click [Finish] to complete the procedure.
﻿
﻿
Navigate to Computer configuration->Policies->Administrative Templates Policy definitions->Windows Components->Windows Update.
Double click Allow signed content from intranet Microsoft update service location.
﻿
﻿
Next select [Enabled]. Click [OK] to confirm.
﻿
﻿
The new group policy will be updated, on your internal devices, based on the refresh interval time. The standard interval is 90 minutes.
NOTE: you can use the gpupdate /force command to immediately load the policy on your PC.