Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 1 subscriber
  • Views 3739 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL spoof DIGINOTAR, COMODO - does Astaro remove root certs?

denko2k
Dear All!

referring to the news Microsoft, Google and Mozilla removed root certificates from the Dutch CA “DIGINOTAR”. Also a few weeks ago, root certs from COMODO have been removed.

Google users in Iran targeted in SSL spoof | InSecurity Complex - CNET News

How does Astaro deal with it?

In 
Web Security >> Web Filtering >> HTTPS CAs
does Astaro remove the certs by pattern updates? Do I have to do it myself?
Where can I find official information about how Astaro deals with that problems?


This thread was automatically locked due to age.
Parents
  • 0
    One thing just came to my mind.

    If I do not use HTTP[S] Proxy, I only use HTTP Proxy, this would not affect me right?

    Reason I do not use HTTPS is because it makes the browser not showing the extremely green secured bar and that disturbs my users at home.
  • 0 in reply to Alvin
    One thing just came to my mind.

    If I do not use HTTP[S] Proxy, I only use HTTP Proxy, this would not affect me right?

    Reason I do not use HTTPS is because it makes the browser not showing the extremely green secured bar and that disturbs my users at home.


    You are correct; in that case, you'd need to make sure your CA authorities on your PC did not have the errant one installed or trusted.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to Alvin
    One thing just came to my mind.

    If I do not use HTTP[S] Proxy, I only use HTTP Proxy, this would not affect me right?

    Reason I do not use HTTPS is because it makes the browser not showing the extremely green secured bar and that disturbs my users at home.


    You are correct; in that case, you'd need to make sure your CA authorities on your PC did not have the errant one installed or trusted.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Cookie Information Banner