Chinaski1
commented
3 years ago Hello there!
It's actually a good idea. We plan to add a certificate to the export settings. The export will tentatively be added in the next updates of AdGuard.
Open ZeroClover opened 3 years ago
Chinaski1
commented
3 years ago Hello there!
It's actually a good idea. We plan to add a certificate to the export settings. The export will tentatively be added in the next updates of AdGuard.
ZeroClover
commented
3 years ago @Chinaski1
Is it possible to make it possible for AdGuard to use a custom CA certificate (rather than the CA certificate generated during AdGuard installation) to take advantage of an existing CA that has been issued through the MDM.
Since AdGuard for iOS can only use DNS filtering and Safari content filters, it cannot fully filter all ads. Setting the iPhone's HTTP proxy to the full version of AdGuard running on a Mac or Windows may help filter more ads. But installing separate certificates for each iOS device is a hassle.
ameshkov
commented
3 years ago @ZeroClover you can export AdGuard's cert if you visit http://local.adguard.org/cert.
This link would also work if you configure your iOS devices to use AdGuard's HTTP proxy.
ZeroClover
commented
3 years ago @ameshkov Yes, but different AdGuard installations use different CAs. Since I need to move around multiple networks, I would like to use the same CA.
Also, configuring CA certificates for each AdGuard Windows / Mac installation on a larger number of iOS devices (20+) is a huge undertaking, especially since these CA certificates have the same name and completely different content, and maintaining them is very difficult :(
It is also helpful if there is a way to standardize the CA certificates used by multiple AdGuard installations.
ameshkov
commented
3 years ago I see. Probably, could be exposed via advanced settings.
At present, AdGuard will generate a separate CA certificate for each installation, which does cause certain obstacles when using the local network HTTP proxy.
For example, since AdGuard is installed on a personal computer rather than a server, these devices may need to be installed with system updates and cannot be used for a long time. To switch the HTTP proxy to another device with AdGuard installed, the certificate must be reinstalled.
After replacing the computer, we also need to install new certificates for other devices in the local network, which is very troublesome for the TV boxes (such as Apple TV).
If you allow advanced users to customize the CA certificate, it helps to install a unified MitM CA on all devices without installing many CA certificates.