Web site security certificate issues vs. browsers
MR ZenWiz
mrzenwiz at gmail.com
Mon Jan 21 18:43:42 UTC 2013
On Fri, Jan 18, 2013 at 7:22 PM, Matthew Flaschen
<matthew.flaschen at gatech.edu> wrote:
>
> This is likely because your office is conducting a man-in-the-middle
> attack on your traffic. This works as follows:
>
> 1. They intercept all your SSL traffic to monitor and possibly log it.
> 2. Since they don't have e.g. Gmail's real SSL private key, they resign
> it with their own private key.
> 3. Since Chrome knows it's an untrusted key, they warn you.
>
> Some offices at least acknowledge they're doing this and provide the SSL
> key used for interception. Most likely, this key is pre-installed on
> your (work-issued?) Windows laptop.
>
That makes perfect sense (it's the sort of thing I always suspect companies do).
Where would I find the SSL key on the laptop? (I've no idea how
Windows lays out these things....)
Thanks!
MR
More information about the ubuntu-users
mailing list