[squid-users] Squid transparent with SSL interception - CA certificate problem

Yuri yvoinov at gmail.com
Tue Feb 6 13:38:06 UTC 2018


Mobile devices, depending "OS", often uses CAs different. From system
store, from browser's store (I mean FF), and something apps will __never
use user's CA__.

This is (IMHO useless) security theathre in mobile devices manufacturers.


06.02.2018 19:30, Roberto Carna пишет:
> People, I've setup a transparent Squid proxy for WiFi clients. I'm
> using SSL interception so I had to generate a CA private certificate
> (generated from pfSense certificate manager tab).
>
> But when I add this CA private certificate to several Android an
> Iphone devices, some of the Android devices don't work correctly:
> Facebook an Instagram don't load the profiles and Mercadolibre doesn't
> open the menu. In the other Android and Iphone devices, everything
> works OK.
>
> Can this problem be related to the CA certificate (maybe I have to use
> a given digest algorithm and key lenght) or is this an Android
> intrinsec problem depending of OS version???
>
> Thanks a lot.
>
> ROBERT
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
*****************************
* C++20 : Bug to the future *
*****************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180206/8e6af314/attachment.sig>


More information about the squid-users mailing list