How to install and trust NextDNS Root CA
Windows
- Open https://nextdns.io/ca to download the NextDNS.cer file.
- Open the NextDNS.cer file (the Certificate window will open).
- Click on Install Certificate.
- In the Certificate Import Wizard, when prompted for the Certificate Store, choose Place all certificates in the following store and select the Trusted Root Certification Authorities store.
CLI Installation
In a PowerShell as administrator, run:
Invoke-WebRequest -Uri "https://nextdns.io/ca" -OutFile "$env:TEMP\nextdns.cer"
certutil -addstore -f root "$env:TEMP\nextdns.cer"
macOS
- Open https://nextdns.io/ca to download the NextDNS.cer file.
- Open the NextDNS.cer file (the Keychain Access.app will open with the list of Certificates installed on your computer).
- Double-click on NextDNS Root CA in that list.
- Under Trust, choose Always Trust for Secure Socket Layers (SSL).
- Close the window (you may be asked to enter your system password to confirm the change).
iOS
- Open https://nextdns.io/ca, then choose Allow.
- Open the Settings app, then go to General → Profiles.
- Open NextDNS Root CA, then Install.
- In the Settings app, go to General → About → Certificate Trust Settings.
- Enable Full Trust for NextDNS Root CA.
Android
- Open https://nextdns.io/ca, then choose Download.
- Open the downloaded NextDNS.cer file.
- When asked, name the certificate NextDNS.
Linux
Firefox
- Open https://nextdns.io/ca to download the NextDNS.cer file.
- Open about:preferences →Privacy & Security.
- Scroll down to Certificates and click View Certificates…
- In the Authorities tab click Import.
- Select the NextDNS.cer file.
- Check Trust this CA to identify websites then click OK
Chrome, Chromium
- Open https://nextdns.io/ca to download the NextDNS.cer file.
- Open chrome://settings/certificates
- In the Authorities tab click Import.
- In the lower right, select All Files
- Select the NextDNS.cer file.
- Check Trust this certificate for identifying websites then click OK.
If you're using Firefox, an additional step is required:
- Enter about:config in the address bar, then press Enter.
- If asked, click on Accept the Risk and Continue.
- Set the value for security.enterprise_roots.enabled to true.
31 replies
-
What potential risk is there in installing the nextdns ca certificate?
I read a pre installation warning that the owner of the CA certificate could potentially read my passwords and cc details.
-
I think for Firefox on PC it is safer and better to install the certificate in the internal storage rather than change the setting so that the browser trusts all system certificates.
-
Hi, thanks for elaborating on this. In my android, yes its perfectly working. But in my laptop, especially in Chrome browser even after following all the instructions it doesn't remove https warning message. So, do i have to tweak something from chrome?
-
Hi, I have installed it but now I can not delete from my Samsung S21, could you help me?
-
Thanks
-
Can this certificate be installed at the router level?
-
Helo! I installed the certificate on my device, but the certificate does not appear on the websites:
-
To upgrade or uninstall the NextDNS CLI, run the same install command again and select "Upgrade" or "Uninstall" from the menu.
-
You talk about a slight load time increase with the block page. What order of increase and is it for every query or just the blocked ones ? I'm french and my English not so good so I hope you understand what I mean.
-
Coud u make regular https so i dont need to install cert to 1000 devices. Just for notification and maybe make some options to customise message backfround color logo and that stuffs.
-
I installed it on my new Macbook. The keystore doesn't trust it.
-
Okay, so in the event that my kiddo is able to get around the block page, how could I prevent this?
-
How to undo? Or uninstall it incase we don't want it on the system?
-
How to script cert installation?