[squid-users] Installing certificate on Andriod to use with SSL-bump

James Lay jlay at slave-tothe-box.net
Wed Jun 10 16:28:58 UTC 2015


On 2015-06-10 10:22 AM, Amos Jeffries wrote:
> On 10/06/2015 4:46 p.m., dkandle wrote:
>> I would like to be able to inspect traffic from my android device. I 
>> have a
>> transparent squid proxy working with SSL bump (using WiFi to get 
>> traffic
>> through my proxy server). Everything works fine as long as I go 
>> through a
>> browser. But I would like to see the other traffic which the OS and 
>> other
>> apps are sending. Squid uses a certificate I generated for the web 
>> sites and
>> I create an exception for those without issue.
>> If I install my certificate on the phone will it then accept the 
>> certificate
>> when squid returns it during the ssl setup?
> 
> Maybe.
> 
>> To be clear, I see the phone use
>> port 443 to setup a secure session. However it rejects the certificate 
>> (as
>> it should) and terminates the session with no data being passed. I can
>> install my certificate on the phone, but will the android OS use that
>> certificate for all services or only for browser sessions?
> 
> Maybe.
> 
>> If not, is there
>> some other way I can get my fake certificate accepted for all sessions 
>> for
>> which it is used?
> 
> Only by adding the CA cert your Squid signs with to the OS certificate
> set. Whether it is actually used from there is application specific and
> none of us have control over that.
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

What kinda device?  I've put my ca cert on a couple Android 
devices...ranging from just email the cert and import all the way to 
cracking open a certificate .db file and inserting.

James


More information about the squid-users mailing list