SSL Cert Install Android ?

This topic is closed.
  • SSL Cert Install Android ?

    Guys, I'm playing around with SSL Inspector on a separate VLAN with a policy for that VLAN to push all traffic out the new policy. I have SSL Inspector turned on with a cert installed on a laptop and it's working. How do I get the cert to work properly with Android? (Yes, I have the SSID on the same VLAN as the policy. I'm connected to the correct network.)

    Followed this,


  • #2
    Android 11 has made it next to impossible to add a third party root certification.

    Your trusted Certificate Authorities (CAs) are the organizations that you trust to guarantee the signatures of your encrypted traffic and…
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]



    • #3
      Thanks sir. Thought so, I tried.



      • #4
        Even if you succeed, a lot of mobile apps now are doing something called "Certificate Pinning", where they know what certificate they're supposed to see and will reject your replacement, even if it's otherwise trusted.
        Last edited by jcoehoorn; 12-07-2021, 08:56 AM.
        Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty
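
Added example, not part of the thread or any poster's code: how an Android app declares the pinning described in post #4, using the platform's Network Security Configuration file (`res/xml/network_security_config.xml`). The domain `api.example.com` and both pin values are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- Apps targeting API 24 and later trust only the system CA store
         by default. A CA installed by the user (for example the root of
         an SSL inspection gateway) is ignored unless the app itself adds
         <certificates src="user" /> here. -->
    <base-config>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Pinning for one backend (placeholder domain). The TLS chain must
         contain at least one certificate whose public key hashes to one
         of the listed pins, in addition to chaining to a trusted CA. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <!-- After the expiration date pinning is no longer enforced, so
             an app that is never updated does not lock itself out. -->
        <pin-set expiration="2030-01-01">
            <!-- Placeholder: base64 of SHA-256 over the server key's
                 SubjectPublicKeyInfo -->
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_SHA256_BASE64=</pin>
            <!-- Placeholder: backup key kept offline for rotation -->
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_SHA256_BASE64=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
```

A chain re-signed by an inspection gateway's CA contains none of the pinned keys, so the app refuses the connection regardless of which CAs the device trusts.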



        • #5
          Originally posted by jcoehoorn
          Even if you succeed, a lot of mobile apps now are doing something called "Certificate Pinning", where they know what certificate they're supposed to see and will reject your replacement, even if it's otherwise trusted.
          So it's more useful for laptops & desktops. Not mobile devices.



          • #6
            Soon it won't be useful at all. mTLS is the nature of the future, and when you start using certificates to authenticate not only the server, but the client, a uniform trust chain reveals any and all MITM attempts.

            SSL Inspection was dead on arrival, that's why I never used it and never recommended its use. The "need" for it doesn't matter, the nature of the beast determines reality.
            Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
            NexgenAppliances.com
            Phone: 866-794-8879 x201
            Email: [email protected]



            • #7
              So when you roll out "Untangle", what packages do you sell / use? The NG Firewall Complete? Or pick and choose?



              • #8
                We don't use a number of the apps at all...
                Phish Block, Spam Blocker, Web Cache, and Ad Blocker aren't even installed. A couple others are installed but just turned off, including SSL Inspector.

                That said, we use enough that the Complete package is still far and away our more cost-effective option.
                Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty



                • #9
                  Yeah, the way the pricing works if you want web filter + support, you're basically in for the entire complete package anyway. So I just push complete, the only time I do individual licenses is in the rare case that I need a multi-wan VPN terminator, then that unit will get just WAN failover / Balancer on it, and perhaps the IPSec module. But those units almost never stay that way long and wind up either going away, or getting complete soon thereafter anyway.
                  Rob Sandling, BS:SWE, MCP, Microsoft Certified: Azure Administrator Associate
                  NexgenAppliances.com
                  Phone: 866-794-8879 x201
                  Email: [email protected]



                  • #10
                    Originally posted by sky-knight
                    Yeah, the way the pricing works if you want web filter + support, you're basically in for the entire complete package anyway. So I just push complete, the only time I do individual licenses is in the rare case that I need a multi-wan VPN terminator, then that unit will get just WAN failover / Balancer on it, and perhaps the IPSec module. But those units almost never stay that way long and wind up either going away, or getting complete soon thereafter anyway.
                    Thought so, I use Policy Manager a lot & many of the other things. Hope to bring many videos out to help!

