Results 1 to 3 of 3
  1. #1
    Master Untangler
    Join Date
    Jan 2011
    Posts
    110

    Default HTTPS Inspector questions

    Can someone help me with a couple questions I have about HTTPS Inspector....

    1. after the untangle root certificate is installed on a computer, will HTTPS Inspector work on any browser that the client uses, or does something need to get installed for each browser they will use?

    2. what is trust blindly all certificates? I am trying to start using HTTPS Inspector across about 100 regular computer systems, and another 50-75 mobile guest devices on our network. Obviously, I am looking for the "least hassle" way of implementing HTTPS Inspector.

    3. for ipod/ipad/android/mobile users, do they simply visit the the http://0.0.0.0/cert to install and trust?

    4. Once installed/trusted, how long does the certificate last for? Is it really until 2033? Perhaps it will change after an Untangle version change?

    Thanks!

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    1) depends on the browser/OS. Some browsers use their own root store. Some apps have hard-coded certs.

    2) Since youre doing MITM, HTTPS Inspector must decide which certs to trust on behalf of the client since the client won't see the real cert. This setting means it will just accept anything even if the cert is self signed. It would be much better to explicitly allow certs that aren't verifiable through a trusted CA instead of just accepting anything.
    http://wiki.untangle.com/index.php/H...r_Certificates

    3) not sure about apple. It works on my android devices.

    4) Until you reinstall or create a new one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,050

    Default

    4) Looks like the template for the Root CA is 20 years of validation.

    A note here is that Untangle dose not allow users to modify the name of the root cert and it will become a huge issue when users tries to installs multiple roots from untangle systems on the same host. (if you have satellite offices were you also have https inspector installed)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2