On Sat, 2007-12-15 at 16:23 +0100, Roman Medina-Heigl Hernandez wrote:
> How does Bluecoat deal with the fact that HTTPS connections are secured
> point-to-point? If Bluecoat (or whatever) does some kind of MITM, client
> browser would detect it and HTTPS would be broken. I still don't get the
> point..

What you can do is install a trusted root certificate on the machines that connect through the proxy and have the proxy generate SSL certificates on the fly for the given domain. In other words, the proxy will be a CA issuing certificates for any kind of domain. The proxy will now need to check the SSL certificate of the external entity, like CRL checking etc. The generated certificate can have the exact same content, the only difference is that it is now signed by the proxy CA.

Martijn Brinkers
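
An added illustration, not part of the original message: a minimal Python model (using the `cryptography` package) of the arrangement described above, showing that the re-signed leaf carries the same subject yet is trusted only by a client that has the proxy root installed, and that a certificate pin on the origin no longer matches. The CA names and `www.example.test` are constructed, and the single signature check stands in for the full path, revocation and hostname validation a real proxy must perform.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(subject, sans=None, issuer=None, is_ca=False):
    """Return (key, cert); issuer is a (key, cert) pair, None means self-signed."""
    key = ec.generate_private_key(ec.SECP256R1())
    signer, issuer_name = (issuer[0], issuer[1].subject) if issuer else (key, subject)
    start = datetime.datetime(2024, 1, 1)  # constructed validity window
    b = (x509.CertificateBuilder().subject_name(subject).issuer_name(issuer_name)
         .public_key(key.public_key()).serial_number(x509.random_serial_number())
         .not_valid_before(start).not_valid_after(start + datetime.timedelta(days=30))
         .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    if sans is not None:
        b = b.add_extension(sans, critical=False)
    return key, b.sign(signer, hashes.SHA256())

def signed_by(cert, ca_cert):
    """True if the signature verifies with the CA key and the issuer name matches."""
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    return cert.issuer == ca_cert.subject

def proxy_resign(origin, public_roots, proxy_ca):
    """Validate the origin first, then copy its subject and SAN into a proxy-signed leaf."""
    if not any(signed_by(origin, r) for r in public_roots):
        raise ValueError("origin certificate not trusted; refusing to re-sign")
    sans = origin.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    return issue(origin.subject, sans, issuer=proxy_ca)[1]

def demo():
    public_ca = issue(name("Constructed Public Root"), is_ca=True)
    proxy_ca = issue(name("Constructed Proxy CA"), is_ca=True)
    sans = x509.SubjectAlternativeName([x509.DNSName("www.example.test")])
    origin = issue(name("www.example.test"), sans, issuer=public_ca)[1]
    leaf = proxy_resign(origin, [public_ca[1]], proxy_ca)
    return {"same_subject": leaf.subject == origin.subject,
            "trusted_without_proxy_root": signed_by(leaf, public_ca[1]),
            "trusted_with_proxy_root": signed_by(leaf, proxy_ca[1]),
            "pin_matches_origin": leaf.fingerprint(hashes.SHA256()) == origin.fingerprint(hashes.SHA256())}
```

Calling `demo()` returns the four checks as a dict; `proxy_resign` raises `ValueError` when the origin certificate does not chain to one of the supplied roots.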