Re: [squid-users] squid/sslbump + IE9

2011-12-04 Thread Sean Boran
Yes it is classical forgery as you say, but that is how SSL interception works. And yes, I created a self signed CA cert for the proxy and manually installed it into FF and IE browsers. Firefox: Open 'Options' > 'Advanced' > 'Encryption' > 'View Certificates' >e 'Authorities' >'Import' button, sel

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Amos Jeffries
On 3/12/2011 6:22 a.m., Sean Boran wrote: Well yes, we are trying to incept... I dont see where the "forgery" is, if my proxy CA is trusted and a cert is generated for that target, signed by that CA, why should the browser complain? The "forgery" is that you are creating a certificate claiming

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Sean Boran
Well yes, we are trying to incept... I dont see where the "forgery" is, if my proxy CA is trusted and a cert is generated for that target, signed by that CA, why should the browser complain? And why would FF not complain but IE9 does? Sean On 2 December 2011 17:29, Amos Jeffries wrote: > On 3/

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Amos Jeffries
On 3/12/2011 4:16 a.m., Sean Boran wrote: Yes it was add to the Windows cert store. (Tools> Options> Content Certiifcates> Trusted Root Certification Authorities). Not all all HTTPS websites cause errors either, e..g https://www.credit-suisse.com is fine. Ouch. Their certificate is permit

Re: [squid-users] squid/sslbump + IE9

2011-12-02 Thread Sean Boran
Yes it was add to the Windows cert store. (Tools > Options > Content > Certiifcates > Trusted Root Certification Authorities). Not all all HTTPS websites cause errors either, e..g https://www.credit-suisse.com is fine. Sean On 2 December 2011 15:03, Guy Helmer wrote: > > On Dec 2, 2011, at 3:5