Enabling man in the middle ssl



  • Hi

    When i enable man in the middle, i cannot seem to accept the certificate on my iphone, or tablet, any ideas how i can get this working?

    Thanks very much



  • this seems to work on windows devices but cannot seem to get it to work on my phone e.t.c has anyone experienced this before?

    Thanks



  • I realize this is a couple of months old post but I had to deal with this yesterday.
    Perhaps it'll help others seeking for the same thing.

    You have to send the .crt to yourself via email that is installed on your mobile device.
    You can then install this certificate ONLY if you retrieve this email using the built-in iOS mail application. 3rd party mail applications like gmail, etc will not work.
    I also read that you can do the same thing if you open this .crt file using Safari but personally have no tried it yet. I would imagine you could put it on an internal/external web server and access it using Safari.
    As per several sources I've come accross, it is not the recommended method of certificate delivery as it is not secure.
    That said, I use it for home purposes and do not have any MDM or other policy driven solutions to distribute certificates, so it is what it is.

    I am trying to find an easier way to have this done and will post once I discover something worthy.


  • Banned

    Easier is to make the Root CA available, like from pfSense Web UI or custom web site - then when you are able to click on the certificate - use the guide at http://docs.diladele.com/administrator_guide_4_6/https_filtering/install_certificates/iphone.html (for IOS 9, did not check for IOS 10 yet).



  • The .crt I was referring to WAS exported from pfSense self-signed CA i created exactly for use with squid SSL.
    Isn't custom website the only way to have client easily interact with that certificate (install it). I mean that involves making said website available, which I am not sure exactly easier. Please correct me if I am wrong.