OSEC

From: Frank Swiderski (fes@stake.com)
Date: Wed Apr 24 2002 - 10:42:06 CDT

    The Readme.html has the best description of how it does this.

    Basically, WebProxy creates a certificate that you install in your browser
    as a CA cert (there is a link that will automatically do this in the Admin
    screen at http://webproxy/ once you install and set it up). Whenever you
    navigate to a new SSL site, WebProxy:

    1) Generates a new SSL certificate, with CN=hostname, signing it with the
    CA cert that you have installed in your browser.
    2) Connects as a client to the SSL site (creating an encrypted tunnel from
    WebProxy to the site).
    3) "Impersonates" the SSL site to your browser, using the generated SSL
    certificate to act as the server side of an SSL tunnel between WebProxy
    and your browser.
    4) Your browser decides the certificate is valid, because the CN matches
    the site you are navigating to, and it is signed by a valid CA (the one
    that WebProxy generated and you installed).

    Once you have gone to an SSL site, WebProxy caches the generated cert so
    that it doesn't have to generate a new one each time you navigate.
    WebProxy stores its certificates in the certs/ directory.

    It is very convenient to do it this way; all you need to do is install a
    single CA cert in your browser (using the provided link), and you are
    good.

    That answer your question?

    Thanks,
    fes

    On Wed, 24 Apr 2002, Sebastian Flothow wrote:

    > At 18:03 -0400 on 23.4.2002, Frank Swiderski wrote:
    > >This is installed as a proxy in your browser, processing all web requests
    > >as they go by (both http and https).
    >
    > How does it process HTTPS requests?
    > AFAIK, SSL is an end-to-end encryption tunnel, so all the proxy sees
    > is the encrypted data stream. Did I get something wrong?

    -- 
    Frank Swiderski
    Security Consultant, @stake, Inc.
    fes@stake.com