
Does TLS interception necessarily require a self-signed certificate? Please explain why

Çağlar Arlı

A brief schema of a TLS intercepting proxy - the Client connects to the Host via the Proxy in a way which allows the Proxy to perform a (consensual) MITM.

[Client]  ->  [Proxy]  ->  [Host]

It's my understanding from reading references online that implementing a TLS intercepting proxy requires you to:

  1. create your own CA signing key
  2. have the client trust your own CA
  3. the proxy can now basically establish two SSL sessions - Client<->Proxy and Proxy<->Host

This is one way to do it, and projects like https://github.com/abhinavsingh/proxy.py use this approach, as does the employer of the author of "How can my employer be a man-in-the-middle when I connect to Gmail?".

Question: is this the only way? Does a TLS intercepting proxy necessarily require a self-signed certificate? If so, can you explain why this is the only way?
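The three numbered steps from the question, carried out end to end as an added worked example (this is not part of the original question and is not proxy.py's code). It mints a self-signed root CA (step 1), mints a leaf certificate for the Host's name signed by that root (what the Proxy shows the Client), and then runs the Client<->Proxy handshake over loopback under three client configurations; the Proxy<->Host leg is not modelled. Assumptions: "Intercepting Proxy Root CA", "host.example" and "other.example" are constructed names, and both ends run in one process on 127.0.0.1 using only Go's standard library. Note what the code makes visible: only the root is self-signed; the certificate the Client actually sees is issued by that root, and the Client accepts it only when its root store contains the root (step 2) and the certificate carries the name the Client asked for.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mustCert issues an ECDSA P-256 certificate for cn and panics on failure (demo code). With parent == nil
// it is self-signed (step 1: the proxy's own CA root); otherwise it is signed by parent/parentKey.
func mustCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{cn} // the client compares this with the name it asked for
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil { // no issuer given: sign with the certificate's own key, i.e. self-signed
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// handshake runs one Client<->Proxy TLS handshake over loopback: the proxy side presents
// proxyCert, the client asks for serverName and trusts only roots. It returns "accepted" or
// a label saying why the client refused the proxy's certificate.
func handshake(serverName string, proxyCert tls.Certificate, roots *x509.CertPool) string {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{proxyCert}})
	if err != nil {
		return "listen failed: " + err.Error()
	}
	defer ln.Close()
	go func() { // proxy side: complete the handshake (or receive the client's alert), then hang up
		if srv, err := ln.Accept(); err == nil {
			srv.(*tls.Conn).Handshake()
			srv.Close()
		}
	}()
	// tls.Dial returns only after the client has verified (or refused) the proxy's chain.
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{ServerName: serverName, RootCAs: roots})
	var unknownCA, badName = x509.UnknownAuthorityError{}, x509.HostnameError{}
	switch {
	case err == nil:
		cli.Close()
		return "accepted"
	case errors.As(err, &unknownCA): // no root in the client's store signed the chain (step 2 missing)
		return "rejected: unknown authority"
	case errors.As(err, &badName): // root is trusted, but the leaf does not carry the requested name
		return "rejected: name mismatch"
	}
	return "rejected: " + err.Error()
}

// RunDemo carries out steps 1-3 and reports how the Client<->Proxy leg ends under three client
// configurations. "host.example" is a constructed name standing in for the real Host.
func RunDemo() map[string]string {
	caCert, caKey := mustCert("Intercepting Proxy Root CA", true, nil, nil) // step 1: own CA
	leaf, leafKey := mustCert("host.example", false, caCert, caKey)        // leaf minted for the Host
	proxyCert := tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}
	trusting := x509.NewCertPool() // step 2: a client root store with our CA added
	trusting.AddCert(caCert)
	return map[string]string{
		"client trusts proxy CA": handshake("host.example", proxyCert, trusting),
		"client trusts nothing":  handshake("host.example", proxyCert, x509.NewCertPool()),
		"client asks other name": handshake("other.example", proxyCert, trusting),
	}
}

func main() {
	fmt.Println(RunDemo())
}
```

Running it prints the three verdicts. In the second and third cases the Client aborts the handshake itself, before any application data is sent, which is exactly why step 2 (getting the proxy's root into the Client's trust store) cannot be skipped: a real proxy repeats the "leaf minted for the Host" step for every host name the Client connects to, and every one of those leaves chains to the same root.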