On 6/13/2014 10:02 AM, Alex Rousskov wrote:
On 06/12/2014 08:36 PM, Mike wrote:
So then next question is how do I know for sure ssl-bump is working?
A simple test is to look at the root CA certificate shown by the browser
at the *top* of the certificate chain for a secure (https) site. Please
note that you should not be looking at the site certificate. You should
be looking at the certificate that was used to sign the site certificate
(or the certificate that was used to sign the certificate that was used
to sign the site certificate, etc. -- go to the root of the certificate
chain).
If that root certificate is yours, then the site was bumped. If it is an
"official" root CA from a "well-known" company, the site was not bumped.
To check SslBump for many sites, you have to examine Squid logs which is
more difficult, especially if you test this with a mix of secure and
insecure traffic.
HTH,
Alex.
If thats the case then ssl-bump is not working. The root certificates
all show the mainstream companies, Digicert, Godaddy, Verisign, etc.
Mike