[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: large campus network ... sugestions

On Sat, 2007-12-15 at 16:23 +0100, Roman Medina-Heigl Hernandez wrote:
> How does Bluecoat deal with the fact that HTTPS connections are secured
> point-to-point? If Bluecoat (or whatever) does some kind of MITM, client
> browser would detect it and HTTPS would be broken. I still don't get the
> point..

What you can do is install a trusted root certificate on the machines
that connect through the proxy and have the proxy generate SSL
certificates on the fly for the given domain. In other words, the proxy
will be a CA issuing certificates for any kind of domain. The proxy will
now need to check the SSL certificate of the external entity like CRL
checking etc. The generated certificate can have the exact same content,
the only difference is that it is now signed by the proxy CA.   

Martijn Brinkers

Reply to: