Introduction
This document describes how to resolve certificate errors when using Blocked Pages Bypass in Cisco Umbrella.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on Cisco Umbrella.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Problem
When you use Block Pages Bypass, an HTTPS/HSTS certificate error can be raised. This is expected.
Solution
To ensure that bypassed block page content displays properly, add the Cisco Root CA.
Cause
This is the correct and expected behavior. When using Bypass Blocked Pages, Umbrella's servers act as a forward proxy that allows only the authenticated user to access the domain. If Umbrella changed the DNS response instead, all users on your network would be able to access the resource.
The HTTPS certificate error is due to this mechanism. Since Umbrella cannot pretend to be whichever domain you are actually trying to connect to, your browser is simply letting you know that the certificate does not match the destination. This does not normally impact your ability to use a particular website.