On Apr 10, 2013, at 1:07 PM, .. <sauro...@gmx.de> wrote: > Hello list, > im playing around with Bump-Server-First method at the moment and I have > a quite simple question about this. > > For me it seems to work in non transparent mode at the moment, so i can > see also the https traffic going over the Proxy. But my browser gives me > out a warning that the certificate is not valid. > > Is that supposed to work like this? If i do understand this right i have > to install my "fake" certificate to my browser to avoid these messages > right? >
Yes, that is correct operation. Otherwise anyone could perform man-in-the-middle decryption with dynamically generated certificates that clients would trust. Guy
