Lost In Cyberia Posted February 21, 2015 Share Posted February 21, 2015 In light of the recent Komodo fiasco, I was curious as to how SSL connections work with regards to proxies. In my company, when I'm at the desk or I vpn in from home, and I browse to an SSL connection... I look at the corner of my browser and ssl certs are all still unique. Meaning if I go to chase from behind the company proxy, chase's verfsign ev cert is given. Like wise if I go to say hak5, their geotrust cert is displayed. Having thought about this, isn't the proxy supposed to hide these from me, and display to me a cert that the IT staff at my company created? So instead of seeing the Geotrust site, I may see our IT department's self signed cert? Is this not always the case? So, because I still receive the "real" certificate from amazon or chase or something, what does this imply? What is the proxy actually doing then? Is it still even intercepting the SSL connection? My thoughts on how it worked was that your browser makes the SSL request, which unbeknownst to your broswer it goes to the proxy instead. And the proxy makes the connection, and then passes down to you a certificate that is just for inside the company or something. Like I said, since each ssl connected site I go to, appears to have it's original certicate path displayed, I don't think my companies proxy is actually doing any intercepting and changing. Anyone (Cooper) care to shed some light on this? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.