Results 1 to 4 of 4
  1. #1
    Untangler malvivent7's Avatar
    Join Date
    Jan 2012
    Location
    Ferrara, Italy
    Posts
    48

    Default SSL Inspector on Android Phones

    Hi, i have installed SSLInspector succesfuly on my Untangle 13.1, but my Android devices complain about server certificate when connect to Facebook and so on; strangely when navigate no issue at all. This is my phone screenshot where android stored UNT certScreenshot_20170926-103754.png
    this is my UNT config-admin-certificates Conf-Adm-Cert.PNG
    and finally this is my sslinsp screenshot ssl-insp.PNG.
    I have a valid letsencrypt renwal certs for my untangle server my first question is i have to replace root ca with a letsencrypt ca for certs config? and why for iphone devices this issue is not present? thanks in advance for any help much appreciated.

  2. #2
    Master Untangler
    Join Date
    May 2010
    Posts
    416

    Default

    You have to exclude it in SSL Inspector.

    What you will find is that MANY Android apps use hard coded certificates, and are explicitly incompatible with SSL Inspector. An app that uses a hard coded cert will only accept that cert, preventing any kind of SSL man in the middle, which is how SSL Inspector works. You will have to add exclusions for each of those kind of apps in SSL Inspector to make them work correctly with no errors.

    Windows Store, oops "Microsoft Store", apps are starting to do that as well... So it is going to start being a bigger problem on Windows too.

  3. #3
    Master Untangler
    Join Date
    Aug 2016
    Posts
    131

    Default

    It really depends on the app and the platform. For my wife's iPhone for example, Facebook seems to be okay. But Facebook Messenger complains with SSL inspector. I have had to add a rule to exclude Facebook Messenger for example.
    Untangle 13.1.0 (13.1.0.20170912T113808)
    QOTOM-Q355G4
    1.6-2.7 GHz Intel I5 5250U, 128GB SSD mSATA, 4GB RAM DDR3L, 4 xRJ-45 Intel I211AT 10/100/1000 Controller

  4. #4
    Master Untangler
    Join Date
    May 2010
    Posts
    416

    Default

    Yes, it is 100% app specific. It all depends on how they made the app. I would watch out for it on secure messaging apps, banking apps, remote access apps, security apps (antivirus, credit monitoring, etc), etc.

    Those are some that I've had to bypass in the past.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2