SSL Decryption
Hello,
I'm using FortiGate to decrypt web server traffic. How can I tell from the FortiGate log itself whether the traffic is really decrypted?
You can monitor the logs and look at that fwpolicyid. A sure way is to inspect the client\server-hello. If you see the MiTM forced certificate in the HTTPS lock in the browser, then you know a device was in the middle. Review the following:
http://socpuppet.blogspot.com/2017/11/ssl-state-cache-msie.html
The left screenshot is a proxy doing MiTM and the right is the correct ca-chain. https://crt.sh/ is a good tool to know the proper cert issuer details btw.
e.g. (to see all certs listed for example.com)
https://crt.sh/?q=%25.example.com
Ken Felix
PCNSE
NSE
StrongSwan
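
An added example (not part of the original reply): the issuer comparison described above, run from a client behind the FortiGate with Python's standard `ssl` module. The expected issuer organization is whatever you looked up for the site beforehand (for instance on crt.sh); the function names and the two sample certificates are constructed for illustration.

```python
import socket
import ssl

# Constructed samples in the format returned by SSLSocket.getpeercert().
DIRECT = {"issuer": ((("countryName", "US"),),
                     (("organizationName", "Example Public CA"),),
                     (("commonName", "Example Public CA R1"),))}
INSPECTED = {"issuer": ((("organizationName", "Example Corp"),),
                        (("commonName", "Example Inspection CA"),))}


def issuer_fields(cert):
    """Flatten the nested 'issuer' tuple from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}


def classify_issuer(cert, expected_orgs):
    """'expected' if the issuer organization is the public CA you looked up,
    'unexpected' if something else signed the leaf (e.g. an inspection CA)."""
    org = issuer_fields(cert).get("organizationName", "")
    return "expected" if org in expected_orgs else "unexpected"


def check_host(host, expected_orgs, port=443, cafile=None, timeout=5):
    """Handshake with host and return (verdict, issuer details).

    cafile=None uses the system trust store. Passing a cafile makes that
    file the only trust anchor, which is how a client that trusts the
    inspection CA can be simulated.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # A client that does not trust the re-signing CA fails here,
        # which is itself a sign that the chain was replaced in transit.
        return "untrusted-chain", {"error": exc.verify_message}
    return classify_issuer(cert, expected_orgs), issuer_fields(cert)


if __name__ == "__main__":
    expected = {"Example Public CA"}
    for name, cert in (("direct", DIRECT), ("inspected", INSPECTED)):
        print(name, classify_issuer(cert, expected), issuer_fields(cert))
```

Run `check_host()` once from behind the firewall policy and once from a path that bypasses it; differing issuers for the same site show that the policy is re-signing the session.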
