Squid3-devel ssl interception doesn't work for mobile devices

bellera

Android devices have their CAs ROM stored.

They permit to add certificates in DER format. But the installed DER are user certificates, not system certificates.

Example for Nexus devices:

https://support.google.com/nexus/answer/2844832?hl=en

I tested squid3-devel transparent https with:

Vodafone's Mobile Phone - HTC Desire - Android 2.2.2

Tablet - BQ Edison 3G - Android 4.0.4

Not working. The Android browser and Firefox browser (tablet) don't see the selfsigned pfSense CA.

pfSense's selfsigned CA is exported in PEM format. I converted it to DER format and tested in a Windows computer before installing it in Android devices.

I'm wondering if there is any solution (rooting the devices, perhaps?).

And I'm also thinking if I will have the same problem with iOS devices.

bellera

iOS (tested with iPAD)

Works for Safari.

Doesn't work for Chrome:

http://apple.stackexchange.com/questions/103157/certificate-error-when-using-chrome-for-ios-with-company-ca

marcelloc

I have not tested it on iphone or android yet.