HTTPS redirects to HTTP for monitoring
- Subject: HTTPS redirects to HTTP for monitoring
- From: johnl at iecc.com (John Levine)
- Date: 19 Jan 2015 21:56:04 -0000
- In-reply-to: <[email protected]>
>We use Fortinet firewalls and SSL (HTTPS, FTPS, IMAPS, POP3S, SMTPS,
>SSH) inspection is a standard feature. It works by rolling out a custom
>CA certificate from the device to all of the desktops and whenever you
>hit a SSL site, a cert signed with the CA is generated and presented to
>the user. If you look at the cert your browser has, you can tell the CA
>is different but most users aren't looking at that.

By the way, I hope that all of the people who have been ranting about
this have read this note. The only way this filtering works is if the
client computers have a special CA cert installed into their browsers.
That means it's a private organizational network that manages all its
client computers, or it's a service where the users specifically do
something on their own computers to enable it.

It may not be a very good idea, but it's definitely not evil people
secretly spying on traffic of innocent victims.

R's,
John