[squid-users] Installing certificate on Andriod to use with SSL-bump
James Lay
jlay at slave-tothe-box.net
Wed Jun 10 16:28:58 UTC 2015
On 2015-06-10 10:22 AM, Amos Jeffries wrote:
> On 10/06/2015 4:46 p.m., dkandle wrote:
>> I would like to be able to inspect traffic from my android device. I
>> have a
>> transparent squid proxy working with SSL bump (using WiFi to get
>> traffic
>> through my proxy server). Everything works fine as long as I go
>> through a
>> browser. But I would like to see the other traffic which the OS and
>> other
>> apps are sending. Squid uses a certificate I generated for the web
>> sites and
>> I create an exception for those without issue.
>> If I install my certificate on the phone will it then accept the
>> certificate
>> when squid returns it during the ssl setup?
>
> Maybe.
>
>> To be clear, I see the phone use
>> port 443 to setup a secure session. However it rejects the certificate
>> (as
>> it should) and terminates the session with no data being passed. I can
>> install my certificate on the phone, but will the android OS use that
>> certificate for all services or only for browser sessions?
>
> Maybe.
>
>> If not, is there
>> some other way I can get my fake certificate accepted for all sessions
>> for
>> which it is used?
>
> Only by adding the CA cert your Squid signs with to the OS certificate
> set. Whether it is actually used from there is application specific and
> none of us have control over that.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
What kinda device? I've put my ca cert on a couple Android
devices...ranging from just email the cert and import all the way to
cracking open a certificate .db file and inserting.
James
More information about the squid-users
mailing list