Hacker News new | past | comments | ask | show | jobs | submit login

Fortinet has a similar feature for the Fortigates. You can have the SSL cert (ex: secure.yourcompany.com) be presented from an IP bound to the firewall and be able to read all communications between the client and server. I'm not sure if the same applies to a certificate you don't own (ex: mail.google.com) for the same purpose.



Squid can do that too; and if you give it your own CA cert, it can dynamically generate certs with the right domain to prevent browser errors.

http://wiki.squid-cache.org/Features/SslBump

http://wiki.squid-cache.org/Features/DynamicSslCert


This is a feature of many firewalls now, even at the small/medium business end of the market.

If you're a company that relies on virus scanning HTTP traffic then the increasing number of websites which force SSL looks like a potential problem.


Software like that will issue per-site SSL certs signed by a company-wide trusted authority.


this handles all the certificate work on its own and auto generates and stores certificates in ~/.mitmproxy or something similar so you can quickly email it to your iDevice. although it is a little eerie to see my bank password in "plain-text", its fun to look at how other app makers send and receive data.




Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: