Skip to main content
All CollectionsAdmin Basics
MacOS - DNS over HTTPS (DoH) Server Setup
MacOS - DNS over HTTPS (DoH) Server Setup

This document will help you setup DoH in the Google Chrome browser on a MacOS device.

Updated this week

Overview

This method of traffic redirection should be used for trials, pilots, and limited deployments. In most cases, using this method most end users will be able to bypass the security and governance that SurePath AI provides. For production deployments, customers should use a redirection method that can not be easily bypassed.

Devices accessing GenAI sites using the SurePath solution will also be required to add the SurePath AI security certificates. In large quantities this could be an onerous task without automation or an MDM tool.

Prerequisites

  • SurePath AI Root Certificate (get this from you SurePath AI Field CTO)

  • DNS over HTTP (DoH) Address (in this document)

  • Use a web browser capable of DoH (We will show how to do this with Google Chrome)

Procedures

All Operating Systems and Browsers

All operating systems will need these files and information.

  1. DoH server URL

    1. https://doh.surepath.ai/dns-query

  2. Configuration validate page

    1. https://ready.surepath.ai

  3. This site will also allow downloads of the SurePath AI security certificates should you not have them already.

Setup Chrome on Mac

  1. Select Chrome -> Settings from the MacOS Menu Bar (alternatively click the three vertical dots next to the icon of your Google login on the right side of the Chrome menu bar)

  1. From the left navigation bar select Privacy and security > Security

  1. Turn on Use secure DNS with the toggle

  2. Select Add custom DNS service provider from the drop down menu

  3. Enter the SurePath DoH server address into the field provided.

5. Be sure to leave this field or the setting will not take effect.

Install the SurePath Security Certificate on Mac

  1. Find the SurePath AI Root Certificate that you downloaded or was sent to you.

  2. Right click on the file and select Open With > Keychain Access

  3. Enter your password or authenticate as required.

  4. Once open the certificate may be selected. If it’s not, type SurePath into the search window to find it and select it. It should show that This root certificate is not trusted.

5. Double Click the SurePath AI Root CA (same as Right click > Get info)

6. Expand and select Trust > When using this certificate > Always Trust

7. Be sure to close the window for the settings to take effect.

8. Setup is complete and you can do Configuration Validation next.

Configuration Validation

Once you have completed interception with SASE software or a DoH setup you can use the following website to ensure that GenAI traffic will pass through the SurePath AI system.

  1. Navigate to https://ready.surepath.ai/

  2. This webpage will let you know if you are configured properly.

Related Articles
Windows - DNS over HTTPS (DoH) Server Setup
Did this answer your question?