RootCA adding trust for SSL blocked pages #578

Open
mveplus opened this issue Feb 7, 2019 · 2 comments

mveplus commented Feb 7, 2019

This is a feature request: an enhancement to mitigate browser warnings about an untrusted certificate on blocked HTTPS pages when the AdGuard Home block page is served.

Generate a RootCA private/public key pair and expose it in AdGuardHome.yaml and the web interface for easy installation in browsers and the system root trust store, to add trust for any certificate signed by AGH.

I don't know how the internal signing works now, but it looks like when a blocked HTTPS page is visited, AGH generates a self-signed spoofed certificate with the blocked domain name.
Instead, it can generate a self-signed RootCA pair on the first run that can be used for signing the spoofed blocked pages. The public RootCA certificate is imported into the browser and the private key is used to sign the blocked pages' certificates; this will eliminate browser warnings and also additional user interactions.
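
The scheme proposed in the post above, sketched in Go as an added example (not part of the original issue and not AdGuard Home's code): a root generated once, per-domain leaves signed by it, and a check that a client trusting the root accepts the leaf. The names `issue`, `trusts`, `blocked.example` and the CA name are constructed for illustration; the five-year root and one-day leaf lifetimes are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // key generation or encoding failed; nothing to recover
	}
	return v
}

// issue makes a key and certificate for name: the self-signed root if parent is nil, else a one-day leaf.
func issue(parent *x509.Certificate, parentKey *ecdsa.PrivateKey, name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))),
		Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, // kept on the root too: TLS servers only
	}
	if parent == nil { // root: may sign leaves but not sub-CAs, and lives longer
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.MaxPathLenZero = true, true, true
		tmpl.KeyUsage, tmpl.DNSNames, tmpl.NotAfter = x509.KeyUsageCertSign, nil, time.Now().AddDate(5, 0, 0)
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// trusts reports whether a client whose trust store holds only root accepts leaf for domain.
func trusts(root, leaf *x509.Certificate, domain string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: domain})
	return err == nil
}

func main() {
	root, rootKey := issue(nil, nil, "Example Block Page Root CA") // constructed name
	leaf, _ := issue(root, rootKey, "blocked.example")
	println("accepted with root installed:", trusts(root, leaf, "blocked.example"))
}
```

The root private key is the sensitive part of this design: any client that imports the root will accept whatever that key signs, so only the certificate should be exported for installation.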

ameshkov (Member) commented Feb 7, 2019

Thank you!

Yeah, makes sense to do it as a part of #454.

ainar-g changed the title from "[Feature request] RootCA adding trust for SSL blocked pages" to "RootCA adding trust for SSL blocked pages" on Jan 10, 2024

WildByDesign commented

I would also like to see this feature implemented. Particularly because so much has moved to https these days.

An example would be kids' iPads with the AdGuard Parental Control feature. iOS makes it very difficult to ever get to the block page due to certificate errors. You have to click on 2-3 things each time to bypass the cert errors just to land on the block page.

OpenDNS Family Shield has a RootCA (https://support.opendns.com/hc/en-us/articles/227987007-Block-Page-Errors-Installing-the-Cisco-Umbrella-Root-CA) which you can install on iOS devices and other devices. This makes the redirection to their block page a smooth process without certificate errors.
