Re: [squid-users] squid/sslbump + IE9

From: Sean Boran <sean_at_boran.com>
Date: Fri, 2 Dec 2011 18:22:26 +0100

Well yes, we are trying to incept...
I dont see where the "forgery" is, if my proxy CA is trusted and a
cert is generated for that target, signed by that CA, why should the
browser complain?

And why would FF not complain but IE9 does?

Sean

On 2 December 2011 17:29, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 3/12/2011 4:16 a.m., Sean Boran wrote:
>>
>> Yes it was add to the Windows cert store.  (Tools>  Options>  Content
>>>
>>> Certiifcates>  Trusted Root Certification Authorities).
>>
>> Not all all HTTPS websites cause errors either, e..g
>> https://www.credit-suisse.com is fine.
>
>
> Ouch. Their certificate is permitting any third-party (including your Squid)
> to forge their site credentials.
>
>
> Amos
Received on Fri Dec 02 2011 - 17:22:36 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 03 2011 - 12:00:02 MST