Results 1 to 6 of 6

Thread: SSL Inspector

  1. #1
    Newbie
    Join Date
    May 2019
    Location
    Portugal
    Posts
    7

    Default SSL Inspector

    Hi everyone,

    new user of untangle here. Been using pfSense for more than 10 years and i have to say that untangle is making a great work on gui, simplicity and internal app's. Got everything working pretty fast but got a question to the guru's of this software.

    Upon activating SSL Inspector (and installing the certificate on computers) Firefox still wont go to google.com / google.pt search engine. On my nvidia shield i'll get not network also (due to it being bound to google's services), but on this box i could not install the certificate.

    I've passed by the video tutorial that shows how to get the rules for all domains of google but maybe i'm passing some step because even with those on ignore its still a no go for google on firefox and for nvidia box.

    Again, thanks for the help in advance and keep up the good work

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,455

    Default

    Firefox has its own certificate store, so you have to install the certificate into it specifically. Google has hard coded certificates in many endpoints that will detect the intrusion, and lock itself down.

    Your only choice is to not inspect the impacted traffic. It is not recommended that you inspect all traffic, only specific traffic.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    May 2019
    Location
    Portugal
    Posts
    7

    Default

    That is a shame... was looking to use such a feature to inspect google/facebook mainly but not being able to send messages on facebook or having android box's connecting is a no go.


    Thanks for the quick answer and help @sky-knight

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,941

    Default

    SSL Inspector is a break of SSL encryption. It is the object of SSL to make it difficult to decrypt. The future of SSL will see more and more of these MITM decryption methods blocked.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Newbie
    Join Date
    May 2019
    Location
    Portugal
    Posts
    7

    Default

    good moning,

    i just went to it again and this time got it all working with a little more coffe to help out

    On all the pc's its working (did the about:config for Firefox), google was auto with the exe installer. Android phones, iPad, all working fine. What i'm missing on testing are the tv's for the youtube app's to see if they are or not working, the nvidia shield seems to be a no go (i've catch some people asking for installing cert and no option is available and upon trying to install it via a usb pen i get a no install ), and facebook messenger is not working on phones but is ok on pc's some some relay probably on the phones (edited to say it is working now).

    Indeed a step up on this app for me :-)
    Last edited by Tchucho; 06-09-2019 at 11:07 AM.

  6. #6
    Newbie
    Join Date
    May 2019
    Location
    Portugal
    Posts
    7

    Default

    Tv's off the SSL inspector as per nvidia shield.
    Some tweaking for facebook web messenger on mobile and all is working on the remaing machines/servers with SSL Inspector online.

    Now that is really nice :-)
    Last edited by Tchucho; 06-09-2019 at 11:28 AM.
    skearton likes this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2