You may just want to switch to inspection.

On Tue, Feb 6, 2018 at 10:44 AM, Paul Mather <[email protected]> wrote:
> On Feb 6, 2018, at 10:03 AM, Roberto Carna <[email protected]> wrote:
>
>> Dear Alex, so there is no solution to the given problem ???
>>
>> I am referring to installing a CA private certificate in mobile devices and
>> letting them navigate and use applications through a transparent proxy
>> without SSL errors...
>
>
> It could be that the applications and devices you consider "don't work
> correctly" are employing certificate and public key pinning (see, e.g.,
> https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning and
> https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning). It is a technique
> intended to defend against the very kind of certificate misuse in which you
> appear to be engaged.
>
> Cheers,
>
> Paul.
>
>>
>> Regards,
>>
>> 2018-02-06 11:35 GMT-03:00 Alex Threlfall <[email protected]>:
>>> They may be hard coded to look at only their own CA to prevent MiM attacks,
>>> or use their own certificate store (for a similar behaviour).
>>>
>>> Alex.
>>>
>>>> -----Original Message-----
>>>> From: List [mailto:[email protected]] On Behalf Of Roberto Carna
>>>> Sent: 06 February 2018 13:32
>>>> To: pfSense Support and Discussion Mailing List <[email protected]>
>>>> Subject: [pfSense] Squid transparent with SSL interception - CA certificate problem
>>>>
>>>> People, I've set up a transparent Squid proxy for WiFi clients. I'm using
>>>> SSL interception so I had to generate a CA private certificate (generated
>>>> from pfSense certificate manager tab).
>>>>
>>>> But when I add this CA private certificate to several Android and iPhone
>>>> devices in order to proxify and filter SSL applications, some of the
>>>> Android devices don't work correctly: Facebook and Instagram don't load
>>>> the profiles and Mercadolibre doesn't open the menu. In the other Android
>>>> and iPhone devices, everything works OK.
>>>>
>>>> Can this problem be related to the CA certificate (maybe I have to use a
>>>> given digest algorithm and key length) or is this an Android intrinsic
>>>> problem depending on OS version???
>>>>
>>>> Thanks a lot.
>>>>
>>>> ROBERT
>>>> _______________________________________________
>>>> pfSense mailing list
>>>> https://lists.pfsense.org/mailman/listinfo/list
>>>> Support the project with Gold! https://pfsense.org/gold
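
One way to keep filtering while leaving pinned apps alone, as an added example that is not part of the thread: a Squid `ssl_bump` rule set that splices (tunnels without decrypting) servers whose apps pin certificates and bumps everything else. The ACL name `pinned_apps` and the domain list are assumptions built from the apps named above and are not complete; the intercepting port and the CA are assumed to be configured already.

```conf
# Added example, not from the thread. Assumes the intercepting https_port
# with ssl-bump and the locally generated CA are already in place.

# Step 1 of SslBump: only the TLS ClientHello (including SNI) has been seen.
acl step1 at_step SslBump1

# Hypothetical ACL name. Illustrative, incomplete list of servers whose apps
# reject any certificate not issued by their own expected CA or key.
acl pinned_apps ssl::server_name .facebook.com .instagram.com .mercadolibre.com

# Read the SNI without altering the handshake.
ssl_bump peek step1

# Pinned apps: pass the TLS session through untouched, so the client sees
# the real server certificate and the pin check succeeds.
ssl_bump splice pinned_apps

# Everything else: decrypt and re-sign with the local CA for filtering.
ssl_bump bump all
```

Spliced connections can still be allowed or denied by SNI hostname, but their content is not visible to the proxy.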
