Re: [squid-users] ssl bump certificate question
On Wed, Sep 7, 2016 at 3:05 PM, Marcus Koolwrote: > > slightly off topic: what is the easiest way to install a cert on a > smartphone? > I looked for an app but did not find one. > > Look for some MDM solutions. That's not really an option for one (personal) phone, but for a company, that allows you to manage a fleet of phone long-term, including profiles, policies, etc (including certs, both client certs and root certs). ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl bump certificate question
On Thursday 08 September 2016 at 00:06:02, Marcus Kool wrote: > slightly off topic: what is the easiest way to install a cert on a > smartphone? I looked for an app but did not find one. On my Android 4.2.2 device: Settings -> Security -> Trusted credentials: "Display trusted CA certificates" Settings -> Security -> Install from SD card: "Install certificates from SD card" Antony. -- You can tell that the day just isn't going right when you find yourself using the telephone before the toilet. Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl bump certificate question
On 09/07/2016 05:58 PM, Antony Stone wrote: On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote: 08.09.2016 2:25, erdosain9 пишет: Hi. A query. Sslbump is possible without installing the certificate, machine by machine ??? Bump impossible. Splice - possible. Is there any way that this certificate Squid SUBMIT ?? Cant understand question. What do you mean? I believe he wants a mechanism for squid to be able to provide the fake CA certificate to the browser, so that the browser then trusts the fake site certificate which is signed with it. Of course, this is impossible, since any mechanism which allowed this would allow the browser to be fooled into trusting any certificate anyone cared to wave at it. Antony. Yes, I also interpret his question like that. slightly off topic: what is the easiest way to install a cert on a smartphone? I looked for an app but did not find one. Marcus -- int main() { printf("42\n"); } ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl bump certificate question
On 09/07/2016 05:58 PM, Antony Stone wrote: On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote: 08.09.2016 2:25, erdosain9 пишет: Hi. A query. Sslbump is possible without installing the certificate, machine by machine ??? Bump impossible. Splice - possible. Is there any way that this certificate Squid SUBMIT ?? Cant understand question. What do you mean? I believe he wants a mechanism for squid to be able to provide the fake CA certificate to the browser, so that the browser then trusts the fake site certificate which is signed with it. Of course, this is impossible, since any mechanism which allowed this would allow the browser to be fooled into trusting any certificate anyone cared to wave at it. Antony. Yes, I also interpret his question like that. slightly off topic: what is the easiest way to install a cert on a smartphone? I looked for an app but did not find one. Marcus -- int main() { printf("42\n"); } ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl bump certificate question
"I believe he wants a mechanism for squid to be able to provide the fake CA certificate to the browser" Exactly. ok, no possible then. Thanks -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-certificate-question-tp4679409p4679413.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl bump certificate question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 08.09.2016 2:58, Antony Stone пишет: > On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote: > >> 08.09.2016 2:25, erdosain9 пишет: >>> Hi. >>> A query. Sslbump is possible without installing the certificate, >>> machine by machine ??? >> >> Bump impossible. Splice - possible. >> >>> Is there any way that this certificate Squid SUBMIT ?? >> >> Cant understand question. What do you mean? > > I believe he wants a mechanism for squid to be able to provide the fake CA > certificate to the browser, so that the browser then trusts the fake site > certificate which is signed with it. > > Of course, this is impossible, since any mechanism which allowed this would > allow the browser to be fooled into trusting any certificate anyone cared to > wave at it. (facepalm) > > > > Antony. > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX0H+7AAoJENNXIZxhPexG8+YH/jq85O+ieQ5+Bf5CK2arYyb2 F7p7sa3+bgFY4zuw9e592fCWlMaUEQdCVGSwnSJv6Zaxsylst/GnBk8d1yq1PyAR R6CKr9itvwvyfqKXpqbasB41NogbesHn21ht5ttxusv+c0i1onp6BHDkWRVDEBTA RLrdBZmw/yuHCOKXi3L3Ef/0k7OVHfbvTXUAcI70cweaGMr8Nbofm6Zn/T6LN2ow FJKSFrWpluMFhidaMhEuLiJ/FmbgCJSl2E14Bz57YBusiMVmjNvJjIpo5dnPbxnF HyQrkRq/UJxHw2YIeVIrQ4+Yubw4xxerw7R2ecO3fCoH7Y6dyL/D4R2e96t33dw= =SvH8 -END PGP SIGNATURE- 0x613DEC46.asc Description: application/pgp-keys ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl bump certificate question
On Wednesday 07 September 2016 at 22:55:06, Yuri Voinov wrote: > 08.09.2016 2:25, erdosain9 пишет: > > Hi. > > A query. Sslbump is possible without installing the certificate, > > machine by machine ??? > > Bump impossible. Splice - possible. > > > Is there any way that this certificate Squid SUBMIT ?? > > Cant understand question. What do you mean? I believe he wants a mechanism for squid to be able to provide the fake CA certificate to the browser, so that the browser then trusts the fake site certificate which is signed with it. Of course, this is impossible, since any mechanism which allowed this would allow the browser to be fooled into trusting any certificate anyone cared to wave at it. Antony. -- #define SIX 1+5 #define NINE 8+1 int main() { printf("%d\n", SIX * NINE); } - thanks to ECB for bringing this to my attention Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ssl bump certificate question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 08.09.2016 2:25, erdosain9 пишет: > > Hi. > A query. Sslbump is possible without installing the certificate, machine by > machine ??? Bump impossible. Splice - possible. > > Is there any way that this certificate Squid SUBMIT ?? Cant understand question. What do you mean? > > > sorry for my english. > > Thanks! > > > > -- > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-certificate-question-tp4679409.html > Sent from the Squid - Users mailing list archive at Nabble.com. > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX0H6pAAoJENNXIZxhPexG4bgIALO4Gudeot2aSVp9ckCaRdDO mMv9R9P1W2rT2b2tZt9b39mFrU7qFnF/m1m3p1++vqBr7StSZKyeWxJFYhwXA86p cvKiyk6Nd/1u29eXfr4+dJRFD2jf3aax84cjgAIlJLzZrO3QAYzEZs/f36GkmFVs WDz/1oOjpH7hXqoohVL4X+DFUb9Iq5DHwMLP6pDhu9d4sFxX0DOQfoilp9P7gBd5 yxXevN/kfjaf8Rm53xLYjPO81dY9iLkMJEwt4aEQpBHvNd2hWKgIk9sjS6d58++L MiKUDiCzW6BZMhQB6tZ6LaDYULH2eThjJ1a8Ahc36N3uglHdG4CQrEh64aDcMj0= =avbu -END PGP SIGNATURE- 0x613DEC46.asc Description: application/pgp-keys ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] ssl bump certificate question
Hi. A query. Sslbump is possible without installing the certificate, machine by machine ??? Is there any way that this certificate Squid SUBMIT ?? sorry for my english. Thanks! -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-bump-certificate-question-tp4679409.html Sent from the Squid - Users mailing list archive at Nabble.com. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users