On 06/12/2014 08:36 PM, Mike wrote: > So then next question is how do I know for sure ssl-bump is working?
A simple test is to look at the root CA certificate shown by the browser at the *top* of the certificate chain for a secure (https) site. Please note that you should not be looking at the site certificate. You should be looking at the certificate that was used to sign the site certificate (or the certificate that was used to sign the certificate that was used to sign the site certificate, etc. -- go to the root of the certificate chain). If that root certificate is yours, then the site was bumped. If it is an "official" root CA from a "well-known" company, the site was not bumped. To check SslBump for many sites, you have to examine Squid logs which is more difficult, especially if you test this with a mix of secure and insecure traffic. HTH, Alex.
