Utilize Your Custom Root Certificate Authority Certificate in Place of NextDNS.cer.
Enhancing Security by Allowing Custom Certificates in the Trusted Root Certification Authorities Store (e.g., company.cer) Instead of NextDNS.cer.
This approach will bolster the security of our system. Currently, the HTTPS block page necessitates the NextDNS.cer certificate as the root, enabling it to mimic the HTTPS site you're attempting to access and present the block page with an explanation for site blocking.
You do know that to do that, you'll need to provide your private key to NextDNS, so in theory, they can do anything with it right?
Yes, that's a valid concern. When using a custom certificate authority certificate like "company.cer" instead of "NextDNS.cer" to enhance security, it does involve sharing the private key with NextDNS. In theory, having access to the private key could potentially allow NextDNS to issue certificates that are trusted by our systems, which could be a security risk if not handled carefully.
I will remove this request indeed.
- 2 wk agoLast active