Exa Networks Ltd. Help

SurfProtect Setup

Created: July 22, 2025
Author: Samia
Edited: February 27, 2026

SurfProtect Setup

Introduction

SurfProtect’s cloud-based HTTPS filtering feature requires that all devices on your network trust Exa. This document provides guidance to enable this across your network, however, should you require any additional help then please do not hesitate to contact our dedicated Support Team on 0345 145 1234 or by emailing support

Certificate Setup

A certificate published by Exa needs to be installed on each device within your network. This can be done on a per machine basis, however we have detailed how to deploy the necessary certificate using various management tools below.

Note: for all customers using our connectivity, we recommend setting your DNS forwarders to:82.219.4.28 & 82.219.4.29

  1. Download your SurfProtect Certificate
  2. Once you are logged into your active directory server, go to Start > Administrative Tools > Group Policy Management
  3. Identify the Group Policy Object that you wish to edit (optionally, you may wish to create a new Group Policy Object to define all SurfProtect settings in one place)
  4. Right click the newly created Group Policy Object and select Edit
  5. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies
  6. Right click on the folder Trusted Root Certification Authorities and select Import
  7. Follow the steps in the Certificate Import Wizard , providing the location of the certificate downloaded from the SurfProtect panel when prompted for a file to import
  1. Download your SurfProtect Certificate
  2. Log into the admin panel at admin.google.com
  3. Navigate to Device Management
  4. In the DEVICE SETTINGS menu on the left, select Network
  5. Select Certificate > ADD CERTIFICATE
  6. Ensure that the option labelled Use this certificate as an HTTPS certificate authority is checked
  7. Click Save

  1. Download your SurfProtect Certificate
  2. Click the Windows Start Button and type ‘mmc’ into the search bar to locate and run the Microsoft Management Console
  3. Navigate to the File menu > Add/Remove Snap-in
  4. From the Available Snap-ins pane, select Certificates and then click on the button labelled Add
  5. In the Certificates Snap-in wizard, select Computer Account or Local Computer when prompted for which context the snap-in should manage certificate for
  6. Click Finish to close the wizard and OK to close the snap-ins window
  7. In the console tree, double-click on Certificates
  8. Right-click the Trusted Root Certification Authorities and click Import
  9. Follow the steps in the Certificate Import Wizard, providing the location of the certificate downloaded from the SurfProtect panel when prompted for a file to import

  1. Download your SurfProtect Certificate
  2. Launch Keychain Access
  3. From the Keychain Access toolbar, select File > Import Items
  4. Provide the location of the downloaded certificate when prompted for a file location and click Open
  5. Double-click on the newly imported certificate, labelled Exa Networks Ltd CA
  6. In the Trust section of the newly opened window, set the value in the dropdown labelled Secure Sockets Layer (SSL) to Always Trust
  7. Close the current window to apply changes
  8. Enter your system password when prompted and click on Update Settings
  1. Download your SurfProtect Certificate
  2. Tap Allow on the pop-up
  3. On the following screen tap Install (if using iOS 12.x, you can find this in Settings > Profile Downloaded)
  4. Input your Passcode if prompted
  5. Confirm by tapping Install
  6. Return to Settings and follow: General > About > Certificate Trust Settings and Enable ‘Exa Networks Ltd Root CA’ by tapping the slider
  1. Download your SurfProtect Certificate
  2. Open the Chrome Browser
  3. Go to Settings
  4. Click Privacy and Security on the left hand side menu
  5. Click Security in the middle
  6. Scroll down to Manage Certificates
  7. Ensure you click Authorities, then Import
  1. Download your SurfProtect Certificate
  2. Open Device settings
  3. Go to Security (or Biometrics and Security)
  4. Go to Other Security Settings
  5. Go to Install From Storage or Install a Certificate (depending on devices)
  6. Select CA Certificate from the list of types available
  7. Accept a warning alert
  8. Navigate to the certificate file on the device and click Open to confirm the certificate install

 

Legacy Individual Machine Installation

  1. Download your SurfProtect Quantum Certificate
  2. This will prompt a download, click Open
  3. Input your Passcode when prompted
  4. Set the certificate name then choose credential use as VPN and Apps option
  5. Tap OK, this will then install and become a user certificate
  1. Download your SurfProtect Quantum Certificate
  2. Scroll to the bottom of your Chromebook’s Settings page and click on Show Advanced Settings
  3. Under the HTTPS/SSL section, click on Manage Certificates
  4. Navigate to the Authorities tab in the Certificate Manager and click Import
  5. Select the certificate from your Downloads location and click on Open

Installation Verification

You can check whether the certificate is being successfully trusted by visiting the SurfProtect Certificate Status page

Cert Check

Categories
Related Posts
How to check Bandwidth metrics 2025/04/23
Open Ports - High Risk Ports 2026/02/23
How to set an Outbound NAT - Draytek 2025/07/16