Should it be so easy to install security certificates?

Matt Harwood
Feb 3, 2015

Recently, the organisation that provides our traffic filtering through the school I manage the network for had a problem — Google had switched all traffic to TLS, and searches could no longer be filtered.

This company’s solution was to create a root certificate that schools install that masquerades as Google’s, much like the recent fury with GoGo and in-flight filtering.

This is obviously a ridiculous idea, and breaks the whole concept of certification, but I had little choice but to comply for the moment, as with no access to Google services, I may as well resign.

Whilst muttering to myself that I should have stood up for the good of tech, and refused to go along with this madness, I had to install the certificate on the iPads we have here.

And oh my, it was easy.

Bearing in mind this is a certificate that allows decryption of all traffic to Google servers, I was shocked. It’s as simple as:

Click the link to the .crt in Safari.

Click Install.

Is that really OK? How often do the general public need to install certificates manually? I cannot see a usability reason for the ease of install that comes anywhere close to the security implications.

Am I the only frustrated, worried sysadmin out there that thinks this?
