This KB article is applicable to users on versions 10.0 and above.
This KB will detail how to configure Let's Encrypt. Let's Encrypt is a free, self renewing certificate introduced in version 10 firmware. Let's Encrypt provides a custom certificate that will allow users to utilize the Proxy Auto Config (PAC) file. Please see the related KB attached at the bottom for further instructions regarding PAC file usage.
Step 1. Set aside a domain name that is different than that of the Cipafilter. This can be any domain as long as it its owned by your organization and points to the External address of the Cipafilter.
Note: An example of a commonly used domain name is portal.organziationname.k12.state.us
Step 2. Create a DNS record that points the Let's Encrypt domain to the external IP address of the Cipafilter.
Step 3. Once the DNS changes are made, navigate to Customization > Portal Certificate and then select the drop down for Lets Encrypt. Fill in the fields with the appropriate information
Step 3. Click "Test Let's Encrypt Settings" if everything checks out OK, click "I Agree - Enable Let's Encrypt"
Step 4. Congratulations! You've successfully enabled Let's Encrypt!
Note: If you have set up Google O'auth prior to configuring your custom portal certificate, please update the redirect URI's found under Web Filtering > Authentication. Please see this link for more information regarding the PAC file.