[squid-users] Installing certificate on Andriod to use with SSL-bump

tolga.cengiz at hctbilisim.com tolga.cengiz at hctbilisim.com
Wed Jun 10 16:46:38 UTC 2015


2015-06-10 19:28, James Lay yazmış:
> On 2015-06-10 10:22 AM, Amos Jeffries wrote:
>> On 10/06/2015 4:46 p.m., dkandle wrote:
>>> I would like to be able to inspect traffic from my android device. I 
>>> have a
>>> transparent squid proxy working with SSL bump (using WiFi to get 
>>> traffic
>>> through my proxy server). Everything works fine as long as I go 
>>> through a
>>> browser. But I would like to see the other traffic which the OS and 
>>> other
>>> apps are sending. Squid uses a certificate I generated for the web 
>>> sites and
>>> I create an exception for those without issue.
>>> If I install my certificate on the phone will it then accept the 
>>> certificate
>>> when squid returns it during the ssl setup?
>> 
>> Maybe.
>> 
>>> To be clear, I see the phone use
>>> port 443 to setup a secure session. However it rejects the 
>>> certificate (as
>>> it should) and terminates the session with no data being passed. I 
>>> can
>>> install my certificate on the phone, but will the android OS use that
>>> certificate for all services or only for browser sessions?
>> 
>> Maybe.
>> 
>>> If not, is there
>>> some other way I can get my fake certificate accepted for all 
>>> sessions for
>>> which it is used?
>> 
>> Only by adding the CA cert your Squid signs with to the OS certificate
>> set. Whether it is actually used from there is application specific 
>> and
>> none of us have control over that.
>> 
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
> 
> What kinda device?  I've put my ca cert on a couple Android
> devices...ranging from just email the cert and import all the way to
> cracking open a certificate .db file and inserting.
> 
> James
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list