Netgate Discussion Forum

    Enabling man in the middle ssl

      techy82

      Hi

      When I enable man in the middle, I cannot seem to accept the certificate on my iPhone or tablet. Any ideas how I can get this working?

      Thanks very much

        techy82

        This seems to work on Windows devices, but I cannot seem to get it to work on my phone, etc. Has anyone experienced this before?

        Thanks

          RickTosch

          I realize this post is a couple of months old, but I had to deal with this yesterday.
          Perhaps it'll help others looking for the same thing.

          You have to send the .crt to yourself via email that is installed on your mobile device.
          You can then install this certificate ONLY if you retrieve this email using the built-in iOS Mail application. Third-party mail applications like Gmail, etc. will not work.
          I also read that you can do the same thing if you open this .crt file using Safari, but personally I have not tried it yet. I would imagine you could put it on an internal/external web server and access it using Safari.
          As per several sources I've come across, it is not the recommended method of certificate delivery as it is not secure.
          That said, I use it for home purposes and do not have any MDM or other policy driven solutions to distribute certificates, so it is what it is.

          I am trying to find an easier way to have this done and will post once I discover something worthy.

            sichent Banned

            It is easier to make the Root CA available, e.g. from the pfSense Web UI or a custom web site. Then, when you are able to click on the certificate, use the guide at http://docs.diladele.com/administrator_guide_4_6/https_filtering/install_certificates/iphone.html (for iOS 9, did not check for iOS 10 yet).

              RickTosch

              The .crt I was referring to WAS exported from the pfSense self-signed CA I created exactly for use with Squid SSL.
              Isn't a custom website the only way to have the client easily interact with that certificate (install it)? I mean, that involves making said website available, which I am not sure is exactly easier. Please correct me if I am wrong.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.