Web lists-archives.com

Re: certificate problem on sid




2017-03-08 16:45 keltezéssel, SZ, Zsolt írta:
> As we have corporate proxy with NTLM authentication I am using CNTLM
> daemon for authentication and using localhost as proxy. It was working
> fine until yesterday. Any not secure traffic works fine though and
> local ssh is working fine as well. Most likely my local proxy is the
> root of this problem but I have not changed anything on its settings
> so I have no idea what makes this bad behavior.
>
> I tried with openssl s_client and it seems that beside the original
> certificate the corporate certificate is face up somehow. As our root
> certificate is only a local certificate, which is installed on Windows
> machines, it is unknown for my debian system. I do not want to add to
> my debian machine as my system worked without it before.
>
> Any similar experience or idea what is wrong?
Contact your proxy administrator. If your local root certificate appears
in the certification chains then it is possible that the proxy checks
SSL traffic. Technically it is the same as a MITM traffic and it means
that your root certificate issues 'fake' certificates for the https
sites. If this is the case then the only solution is to add your local
root to the trusted certificates (or switch off SSL inspection on the
proxy but if it company policy then I see very little chance).