Dear all,
I found out the self signed ssl root cert for transparent SSL interception (SSL Bump + origin cert mimicking + dynamic cert generation) is valid only for 365 days max, no matter how many additional days specified in openssl cert generation command line.
If there are 500 PCs in my company, I have to update the root cert in every PC annually. This will be a nightmare ...
Any feedbacks or workarounds? I am experimenting with captive portal as a workaround to warn users and install the latest root cert themselves, but it is messy...
Ssl Bump has yet to reach its 1st birthday, doubt anyone been thru this scenario.
BTW, keep up the excellent work.
Received on Fri Jan 04 2013 - 04:16:29 MST
This archive was generated by hypermail 2.2.0 : Fri Jan 04 2013 - 12:00:03 MST