Web site security certificate issues vs. browsers

MR ZenWiz mrzenwiz at gmail.com
Mon Jan 21 18:43:42 UTC 2013


On Fri, Jan 18, 2013 at 7:22 PM, Matthew Flaschen
<matthew.flaschen at gatech.edu> wrote:
>
> This is likely because your office is conducting a man-in-the-middle
> attack on your traffic.  This works as follows:
>
> 1. They intercept all your SSL traffic to monitor and possibly log it.
> 2. Since they don't have e.g. Gmail's real SSL private key, they resign
> it with their own private key.
> 3. Since Chrome knows it's an untrusted key, they warn you.
>
> Some offices at least acknowledge they're doing this and provide the SSL
> key used for interception.  Most likely, this key is pre-installed on
> your (work-issued?) Windows laptop.
>

That makes perfect sense (it's the sort of thing I always suspect companies do).

Where would I find the SSL key on the laptop?  (I've no idea how
Windows lays out these things....)

Thanks!

MR




More information about the ubuntu-users mailing list