subject:"\[squid\-users\] ssl bump certificate question"

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Jok Thuau

On Wed, Sep 7, 2016 at 3:05 PM, Marcus Kool 
wrote:

>
> slightly off topic: what is the easiest way to install a cert on a
> smartphone?
> I looked for an app but did not find one.
>
>
Look for some MDM solutions. That's not really an option for one (personal)
phone, but for a company, that allows you to manage a fleet of phone
long-term, including profiles, policies, etc (including certs, both client
certs and root certs).
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Antony Stone

On Thursday 08 September 2016 at 00:06:02, Marcus Kool wrote:

> slightly off topic: what is the easiest way to install a cert on a
> smartphone? I looked for an app but did not find one.

On my Android 4.2.2 device:

Settings -> Security -> Trusted credentials: "Display trusted CA certificates"

Settings -> Security -> Install from SD card: "Install certificates from SD 
card"

Antony.

-- 
You can tell that the day just isn't going right when you find yourself using 
the telephone before the toilet.

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Marcus Kool




On 09/07/2016 05:58 PM, Antony Stone wrote:

On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote:


08.09.2016 2:25, erdosain9 пишет:

Hi.
A query. Sslbump is possible without installing the certificate,
machine by machine ???


Bump impossible. Splice - possible.


Is there any way that this certificate Squid SUBMIT ??


Cant understand question. What do you mean?


I believe he wants a mechanism for squid to be able to provide the fake CA
certificate to the browser, so that the browser then trusts the fake site
certificate which is signed with it.

Of course, this is impossible, since any mechanism which allowed this would
allow the browser to be fooled into trusting any certificate anyone cared to
wave at it.


Antony.


Yes, I also interpret his question like that.

slightly off topic: what is the easiest way to install a cert on a smartphone?
I looked for an app but did not find one.

Marcus

--
int main()
{
   printf("42\n");
}
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Marcus Kool




On 09/07/2016 05:58 PM, Antony Stone wrote:

On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote:


08.09.2016 2:25, erdosain9 пишет:

Hi.
A query. Sslbump is possible without installing the certificate,
machine by machine ???


Bump impossible. Splice - possible.


Is there any way that this certificate Squid SUBMIT ??


Cant understand question. What do you mean?


I believe he wants a mechanism for squid to be able to provide the fake CA
certificate to the browser, so that the browser then trusts the fake site
certificate which is signed with it.

Of course, this is impossible, since any mechanism which allowed this would
allow the browser to be fooled into trusting any certificate anyone cared to
wave at it.


Antony.


Yes, I also interpret his question like that.

slightly off topic: what is the easiest way to install a cert on a smartphone?
I looked for an app but did not find one.

Marcus

--
int main()
{
   printf("42\n");
}
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread erdosain9


"I believe he wants a mechanism for squid to be able to provide the fake CA 
certificate to the browser"
Exactly. ok, no possible then.
Thanks



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-certificate-question-tp4679409p4679413.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Yuri Voinov


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
 


08.09.2016 2:58, Antony Stone пишет:
> On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote:
>
>> 08.09.2016 2:25, erdosain9 пишет:
>>> Hi.
>>> A query. Sslbump is possible without installing the certificate,
>>> machine by machine ???
>>
>> Bump impossible. Splice - possible.
>>
>>> Is there any way that this certificate Squid SUBMIT ??
>>
>> Cant understand question. What do you mean?
>
> I believe he wants a mechanism for squid to be able to provide the
fake CA
> certificate to the browser, so that the browser then trusts the fake site
> certificate which is signed with it.
>
> Of course, this is impossible, since any mechanism which allowed this
would
> allow the browser to be fooled into trusting any certificate anyone
cared to
> wave at it.
(facepalm)
>
>
>
> Antony.
>

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBCAAGBQJX0H+7AAoJENNXIZxhPexG8+YH/jq85O+ieQ5+Bf5CK2arYyb2
F7p7sa3+bgFY4zuw9e592fCWlMaUEQdCVGSwnSJv6Zaxsylst/GnBk8d1yq1PyAR
R6CKr9itvwvyfqKXpqbasB41NogbesHn21ht5ttxusv+c0i1onp6BHDkWRVDEBTA
RLrdBZmw/yuHCOKXi3L3Ef/0k7OVHfbvTXUAcI70cweaGMr8Nbofm6Zn/T6LN2ow
FJKSFrWpluMFhidaMhEuLiJ/FmbgCJSl2E14Bz57YBusiMVmjNvJjIpo5dnPbxnF
HyQrkRq/UJxHw2YIeVIrQ4+Yubw4xxerw7R2ecO3fCoH7Y6dyL/D4R2e96t33dw=
=SvH8
-END PGP SIGNATURE-



0x613DEC46.asc
Description: application/pgp-keys
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Antony Stone

On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote:

> 08.09.2016 2:25, erdosain9 пишет:
> > Hi.
> > A query. Sslbump is possible without installing the certificate,
> > machine by machine ???
> 
> Bump impossible. Splice - possible.
> 
> > Is there any way that this certificate Squid SUBMIT ??
> 
> Cant understand question. What do you mean?

I believe he wants a mechanism for squid to be able to provide the fake CA 
certificate to the browser, so that the browser then trusts the fake site 
certificate which is signed with it.

Of course, this is impossible, since any mechanism which allowed this would 
allow the browser to be fooled into trusting any certificate anyone cared to 
wave at it.

Antony.

-- 
#define SIX 1+5
#define NINE 8+1

int main() {
printf("%d\n", SIX * NINE);
}
- thanks to ECB for bringing this to my attention

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

2016-09-07 Thread Yuri Voinov


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
 


08.09.2016 2:25, erdosain9 пишет:
>
> Hi.
> A query. Sslbump is possible without installing the certificate,
machine by
> machine ???
Bump impossible. Splice - possible.
>
> Is there any way that this certificate Squid SUBMIT ??
Cant understand question. What do you mean?
>
>
> sorry for my english.
>
> Thanks!
>
>
>
> --
> View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-certificate-question-tp4679409.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-BEGIN PGP SIGNATURE-
Version: GnuPG v2
 
iQEcBAEBCAAGBQJX0H6pAAoJENNXIZxhPexG4bgIALO4Gudeot2aSVp9ckCaRdDO
mMv9R9P1W2rT2b2tZt9b39mFrU7qFnF/m1m3p1++vqBr7StSZKyeWxJFYhwXA86p
cvKiyk6Nd/1u29eXfr4+dJRFD2jf3aax84cjgAIlJLzZrO3QAYzEZs/f36GkmFVs
WDz/1oOjpH7hXqoohVL4X+DFUb9Iq5DHwMLP6pDhu9d4sFxX0DOQfoilp9P7gBd5
yxXevN/kfjaf8Rm53xLYjPO81dY9iLkMJEwt4aEQpBHvNd2hWKgIk9sjS6d58++L
MiKUDiCzW6BZMhQB6tZ6LaDYULH2eThjJ1a8Ahc36N3uglHdG4CQrEh64aDcMj0=
=avbu
-END PGP SIGNATURE-



0x613DEC46.asc
Description: application/pgp-keys
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] ssl bump certificate question

2016-09-07 Thread erdosain9


Hi.
A query. Sslbump is possible without installing the certificate, machine by
machine ???
Is there any way that this certificate Squid SUBMIT ??

sorry for my english.

Thanks!



--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-certificate-question-tp4679409.html
Sent from the Squid - Users mailing list archive at Nabble.com.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] ssl bump certificate question

Re: [squid-users] ssl bump certificate question

Re: [squid-users] ssl bump certificate question

Re: [squid-users] ssl bump certificate question

Re: [squid-users] ssl bump certificate question

Re: [squid-users] ssl bump certificate question

Re: [squid-users] ssl bump certificate question

Re: [squid-users] ssl bump certificate question

[squid-users] ssl bump certificate question

9 matches

Site Navigation

Mail list logo

Footer information