On November 1, 2016, we will be updating our root certificate to be signed by the Cisco Root Certificate Authority (CA) instead of the OpenDNS Root Certificate Authority. If you have already installed the OpenDNS Root CA, or are installing the CA for the first time, the Cisco Root CA is a new certificate that needs to be installed in your users’ browsers in advance of the change on Nov 1st. To avoid any issues, please install the new Cisco Root CA alongside the current OpenDNS Root CA as soon as possible.
The certificate is required to support the ability to decrypt and examine SSL traffic in the Intelligent Proxy and to solve a problem with the block page when HTTPS pages are blocked. The block pages present an SSL certificate to browsers that make connections to HTTPS sites and without the certificates in place, errors can be shown in the browser as the certificate is untrusted. By installing the OpenDNS and Cisco Root CAs in your user’s browsers, you will avoid these errors.
After November 1st, 2016 only the Cisco Root CA will be required, but this is also the deadline to have that certificate in place to avoid errors. Until that date, the OpenDNS Root CA will be used, but it is a recommended best practice to install both before the Nov 1 transition date. There is no need for you to remove the OpenDNS Root CA after the transition date, but you may do so if you wish.
Both the Cisco and OpenDNS certificates and instructions to install them in your user’s browsers can be found here: https://docs.opendns.com/product/umbrella/cisco-certificate-import-information/
The new certificate can also be found in your Umbrella Dashboard by navigating to Configuration > Block Page Settings > Root Certificate.
A list of FAQs can be found here: https://support.opendns.com/entries/102057968-FAQ-The-Cisco-and-OpenDNS-Root-CAs. Please read through these if you have any questions about what exactly is changing and why.
After reading through, there are still questions, please reach out to email@example.com.