Results 1 to 10 of 10
  1. #1
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    436

    Default SSL Cert Install Android ?

    Guys i'm playing around with SSL inspector on a separated VLan with a policy for that vlan to push all traffic out the new policy. I have SSL inspector turned on with a cert installed on a laptop and it's working. How do I get the cert to work properly with Android ? ( yes i have the SSID on the same vlan as the policy. I'm connected to the correct network.

    Followed this,

    https://support.securly.com/hc/en-us...ndroid-device-

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,809

    Default

    Android 11 has made it next to impossible to add a third party root certification.

    https://httptoolkit.tech/blog/androi...-certificates/
    dashpuppy likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    436

    Default

    Thanks sir, Thought so, I tried

  4. #4
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,891

    Default

    Even if you succeed, a lot of mobile apps now are doing something called "Certificate Pinning", whey they know what certificate they're supposed to see and will reject your replacement, even if it's otherwise trusted.
    Last edited by jcoehoorn; 12-07-2021 at 09:56 AM.
    dashpuppy likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.4.1 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  5. #5
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    436

    Default

    Quote Originally Posted by jcoehoorn View Post
    Even if you succeed, a lot of mobile apps now are doing something called "Certificate Pinning", whey they know what certificate they're supposed to see and will reject your replacement, even if it's otherwise trusted.
    So its more useful for laptops & desktops. Not mobile devices.
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/channel/UCa6...vrywIaGtDXOlSQ

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,393

    Default

    Soon it won't be useful at all, mTLS is the nature of the future and when you start using certificates to authenticate not only the server, but the client a uniform trust chain reveals any and all MITM attempts.

    SSL Inspection was dead on arrival, that's why I never used it and never recommended its use. The "need" for it doesn't matter, the nature of the beast determines reality.
    dashpuppy and mahotz like this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    436

    Default

    So when you roll out "untangle" what packages to you sell / use ? the NG Firewall Complete ? or Pick and choose ?
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/channel/UCa6...vrywIaGtDXOlSQ

  8. #8
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,891

    Default

    We don't use a number of the apps at all...
    Phish Block, Spam Blocker, Web Cache, and Ad Blocker aren't even installed. A couple others are installed but just turned off, including SSL Inspector.

    That said, we use enough that the Complete package is still far and away our more cost-effective option.
    dashpuppy likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.4.1 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,393

    Default

    Yeah, the way the pricing works if you want web filter + support, you're basically in for the entire complete package anyway. So I just push complete, the only time I do individual licenses is in the rare case that I need a multi-wan VPN terminator, then that unit will get just WAN failover / Balancer on it, and perhaps the IPSec module. But those units almost never stay that way long and wind up either going away, or getting complete soon thereafter anyway.
    dashpuppy likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    436

    Default

    Quote Originally Posted by sky-knight View Post
    Yeah, the way the pricing works if you want web filter + support, you're basically in for the entire complete package anyway. So I just push complete, the only time I do individual licenses is in the rare case that I need a multi-wan VPN terminator, then that unit will get just WAN failover / Balancer on it, and perhaps the IPSec module. But those units almost never stay that way long and wind up either going away, or getting complete soon thereafter anyway.
    Thought so, I use policy manager alot & many of the other things. Hope to bring many videos out to help !
    hpaunet likes this.
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/channel/UCa6...vrywIaGtDXOlSQ

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2