On Feb 6, 2018, at 10:03 AM, Roberto Carna <robertocarn...@gmail.com> wrote:

> Dear Alex, so there is no solution to the given problem ???
> 
> I refer to installing a CA private certificate in mobile devices and letting
> them navigate and use applications through a transparent proxy without
> SSL errors...


It could be that the applications and devices you consider "don't work
correctly" are employing certificate and public key pinning (see, e.g.,
https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning and
https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning). It is a technique
intended to defend against the very kind of certificate misuse in which you
appear to be engaged.

Cheers,

Paul.


> 
> Regards,
> 
> 2018-02-06 11:35 GMT-03:00 Alex Threlfall <a...@cyberprog.net>:
>> They may be hard coded to look at only their own CA to prevent MiM attacks,
>> or use their own certificate store (for a similar behaviour).
>> 
>> Alex.
>> 
>>> -----Original Message-----
>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Roberto
>>> Carna
>>> Sent: 06 February 2018 13:32
>>> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
>>> Subject: [pfSense] Squid transparent with SSL interception - CA certificate
>>> problem
>>> 
>>> People, I've set up a transparent Squid proxy for WiFi clients. I'm using SSL
>>> interception so I had to generate a CA private certificate (generated from
>>> pfSense certificate manager tab).
>>> 
>>> But when I add this CA private certificate to several Android and iPhone
>>> devices in order to proxify and filter SSL applications, some of the Android
>>> devices don't work correctly: Facebook and Instagram don't load the profiles
>>> and Mercadolibre doesn't open the menu. In the other Android and iPhone
>>> devices, everything works OK.
>>> 
>>> Can this problem be related to the CA certificate (maybe I have to use a given
>>> digest algorithm and key length) or is this an Android intrinsic problem
>>> depending on OS version???
>>> 
>>> Thanks a lot.
>>> 
>>> ROBERT
>>> _______________________________________________
>>> pfSense mailing list
>>> https://lists.pfsense.org/mailman/listinfo/list
>>> Support the project with Gold! https://pfsense.org/gold