Yes, it is classical forgery as you say, but that is how SSL interception works. And yes, I created a self-signed CA cert for the proxy and manually installed it into FF and IE browsers.

Firefox: Open 'Options' > 'Advanced' > 'Encryption' > 'View Certificates' > 'Authorities' > 'Import' button, select the .der file attached, press 'OK'

IE: Tools > Options > Content > Certificates > Trusted Root Certification Authorities

Sean

On 3 December 2011 04:11, Amos Jeffries <squ...@treenet.co.nz> wrote:
>
> On 3/12/2011 6:22 a.m., Sean Boran wrote:
>>
>> Well yes, we are trying to incept...
>> I don't see where the "forgery" is, if my proxy CA is trusted and a
>> cert is generated for that target, signed by that CA, why should the
>> browser complain?
>
>
> The "forgery" is that you are creating a certificate claiming to be fetched
> from that website and authorizing you to act as their intermediary with
> complete security clearance. When it is not. Exactly like me presenting
> someone with a cheque against your bank account signed by myself. Forgery, by
> the plain and simple definition of the word. This is why the browser
> complains unless it has explicitly been made to trust the CA you use to sign.
>
> I missed the part where you had your signing CA already in the browser and
> read that as the browser not complaining when only presented with the plain
> cert.
>
>
>> And why would FF not complain but IE9 does?
>
>
> The one complaining does not trust the certificate or some part of its CA
> chain. As others have said, each of the three browser engines uses their own
> CA collections.
>
> Amos
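
The per-browser CA collections discussed in this thread, as an added example that is not part of the original messages: the same proxy-signed certificate is checked against two separate trust stores with `openssl verify`, and only the store that imported the proxy CA accepts it. All names (Demo Proxy CA, Other Root, www.example.test, store_a, store_b) are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every name and file below is made up for illustration.

# Create a throwaway proxy CA, a leaf certificate signed by it, and two
# trust stores. Prints the working directory on stdout.
build_demo() {
  d=$(mktemp -d) || return 1
  # Self-signed CA, standing in for the proxy's signing CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Proxy CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" >/dev/null 2>&1 || return 1
  # Unrelated root, standing in for the CAs a browser already ships with.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other Root" \
    -keyout "$d/other.key" -out "$d/other.pem" >/dev/null 2>&1 || return 1
  # Leaf certificate for the target name, signed by the proxy CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/leaf.pem" >/dev/null 2>&1 || return 1
  # store_a: proxy CA was imported. store_b: it never was.
  cat "$d/other.pem" "$d/ca.pem" > "$d/store_a.pem"
  cp "$d/other.pem" "$d/store_b.pem"
  printf '%s\n' "$d"
}

# store_trusts <store.pem> <cert.pem>: succeeds only if the certificate
# chains to a CA present in that store.
store_trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo_dir=$(build_demo) || { echo "openssl setup failed" >&2; exit 1; }
for s in store_a store_b; do
  if store_trusts "$demo_dir/$s.pem" "$demo_dir/leaf.pem"; then
    echo "$s: chain trusted, no warning"
  else
    echo "$s: chain not trusted, warning shown"
  fi
done
rm -rf "$demo_dir"
```

This checks chain trust only; `openssl verify` does not match the hostname here, which browsers check in addition.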