HTTPS Inspector questions

[bluesky]

Can someone help me with a couple questions I have about HTTPS Inspector....

1. after the untangle root certificate is installed on a computer, will HTTPS Inspector work on any browser that the client uses, or does something need to get installed for each browser they will use?

2. what is trust blindly all certificates? I am trying to start using HTTPS Inspector across about 100 regular computer systems, and another 50-75 mobile guest devices on our network. Obviously, I am looking for the "least hassle" way of implementing HTTPS Inspector.

3. for ipod/ipad/android/mobile users, do they simply visit the the http://0.0.0.0/cert to install and trust?

4. Once installed/trusted, how long does the certificate last for? Is it really until 2033? Perhaps it will change after an Untangle version change?

Thanks!

[dmorris]

1) depends on the browser/OS. Some browsers use their own root store. Some apps have hard-coded certs.

2) Since youre doing MITM, HTTPS Inspector must decide which certs to trust on behalf of the client since the client won't see the real cert. This setting means it will just accept anything even if the cert is self signed. It would be much better to explicitly allow certs that aren't verifiable through a trusted CA instead of just accepting anything.
http://wiki.untangle.com/index.php/H...r_Certificates

3) not sure about apple. It works on my android devices.

4) Until you reinstall or create a new one.

[WebFooL]

4) Looks like the template for the Root CA is 20 years of validation.

A note here is that Untangle dose not allow users to modify the name of the root cert and it will become a huge issue when users tries to installs multiple roots from untangle systems on the same host. (if you have satellite offices were you also have https inspector installed)