Squid3-devel ssl interception doesn't work for mobile devices

bellera · Mar 27, 2014, 1:48 PM

Android devices have their CAs ROM stored.

They permit to add certificates in DER format. But the installed DER are user certificates, not system certificates.

Example for Nexus devices:

https://support.google.com/nexus/answer/2844832?hl=en

I tested squid3-devel transparent https with:

Vodafone's Mobile Phone - HTC Desire - Android 2.2.2

Tablet - BQ Edison 3G - Android 4.0.4

Not working. The Android browser and Firefox browser (tablet) don't see the selfsigned pfSense CA.

pfSense's selfsigned CA is exported in PEM format. I converted it to DER format and tested in a Windows computer before installing it in Android devices.

I'm wondering if there is any solution (rooting the devices, perhaps?).

And I'm also thinking if I will have the same problem with iOS devices.

bellera · Mar 27, 2014, 1:46 PM

iOS (tested with iPAD)

Works for Safari.

Doesn't work for Chrome:

http://apple.stackexchange.com/questions/103157/certificate-error-when-using-chrome-for-ios-with-company-ca

marcelloc · Mar 27, 2014, 5:31 PM

I have not tested it on iphone or android yet.