Squid transparent with SSL interception - CA certificate problem

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid transparent with SSL interception - CA certificate problem

Roberto Carna
People, I've setup a transparent Squid proxy for WiFi clients. I'm
using SSL interception so I had to generate a CA private certificate
(generated from pfSense certificate manager tab).

But when I add this CA private certificate to several Android an
Iphone devices, some of the Android devices don't work correctly:
Facebook an Instagram don't load the profiles and Mercadolibre doesn't
open the menu. In the other Android and Iphone devices, everything
works OK.

Can this problem be related to the CA certificate (maybe I have to use
a given digest algorithm and key lenght) or is this an Android
intrinsec problem depending of OS version???

Thanks a lot.

ROBERT
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid transparent with SSL interception - CA certificate problem

Yuri Voinov
Mobile devices, depending "OS", often uses CAs different. From system
store, from browser's store (I mean FF), and something apps will __never
use user's CA__.

This is (IMHO useless) security theathre in mobile devices manufacturers.


06.02.2018 19:30, Roberto Carna пишет:

> People, I've setup a transparent Squid proxy for WiFi clients. I'm
> using SSL interception so I had to generate a CA private certificate
> (generated from pfSense certificate manager tab).
>
> But when I add this CA private certificate to several Android an
> Iphone devices, some of the Android devices don't work correctly:
> Facebook an Instagram don't load the profiles and Mercadolibre doesn't
> open the menu. In the other Android and Iphone devices, everything
> works OK.
>
> Can this problem be related to the CA certificate (maybe I have to use
> a given digest algorithm and key lenght) or is this an Android
> intrinsec problem depending of OS version???
>
> Thanks a lot.
>
> ROBERT
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
--
*****************************
* C++20 : Bug to the future *
*****************************



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

signature.asc (673 bytes) Download Attachment