Is it possible that a proxy replaces the SSL web certificate I installed on my server when browsing from outside my organisation?

Hi!

I manage a webserver containing a secure section protected with an SSL web certificate. Everything works fine, and when I browse the site from anywhere, I see my certificate by Thawte.

However, when I try to access the same site from a computer on the government network (I'm not in the USA), it seems that their proxy replaces my original SSL certificate with a custom one. The site still looks secured, but the certificate securing it is not the one from Thawte. This is the case for all the other sites I know to be secure (www.royalbank.com, www.ingdirect.com, etc.).

Should I trust this?
Does it mean they can have access to the data I send and receive?
What kind of system does that (for further reading)?

Thank you
Asked by: Rubicon2009
 
Frabble commented:
Should I trust this?
It's up to you. Some businesses take their security very seriously and you may not have a choice.

Does it mean they can have access to the data I send and receive?
Yes, they can see the plaintext data.

What kind of system does that (for further reading)?
There are proxies that will intercept HTTPS and continue to make an SSL connection on behalf of the client. Google for "proxy intercept https".
 
Leon Fester (Senior Solutions Architect) commented:
You mentioned government, so anything is possible.

It could be that they're running some anonymizing software that's redirecting your site via their own proxy, hence the SSL certificate being different.

I'm guessing that you've somehow already tested that they're not maybe accessing some other site, other than yours?

I'd suggest contacting your client/government liaison to confirm that the behavior seen on their side is in fact the expected behavior.
 
Dave Howe (Software and Hardware Engineer) commented:
That is a known issue, and sadly common.

Certain proxy boxes perform what amounts to a man-in-the-middle attack (the best known of these would be Cisco's IronPort WSA, but there are others - if you want to see this in action yourself, download the free proxy "WebScarab" which does this) - the given reason is so they can do deep packet analysis and caching on HTTPS traffic, but equally, they can and should add exceptions for banking and other "sensitive" sites that the admins shouldn't have access to.

Bottom line though - if your cert is being replaced, *someone* is looking at your traffic, and may not have your best interests at heart.
Question has a verified solution.
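
A check the site owner can run from the affected network, as an added example that is not part of the original thread: record the SHA-256 fingerprint of the server certificate from a trusted network, then compare it with the certificate the suspect network presents. The function names are illustrative assumptions; only Python standard-library calls are used.

```python
import hashlib
import socket
import ssl
import sys


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize(fp: str) -> str:
    """Accept plain hex or colon/space-separated hex in either case."""
    cleaned = fp.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate this network path presents for host.

    Validation is switched off on purpose: no application data is sent, and
    the goal is to inspect the certificate itself. A proxy-minted certificate
    can pass normal validation when the proxy's CA is in the local trust
    store, so "the browser shows a padlock" proves nothing here.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def is_substituted(observed_der: bytes, pinned_fp: str) -> bool:
    """True when the presented certificate is not the one the owner recorded."""
    return sha256_fingerprint(observed_der) != normalize(pinned_fp)


if __name__ == "__main__":
    # Usage: script.py <hostname> <fingerprint recorded on a trusted network>
    host, pinned = sys.argv[1], sys.argv[2]
    replaced = is_substituted(fetch_leaf_der(host), pinned)
    print("REPLACED in transit" if replaced else "original certificate")
```

The fingerprint changes whenever the certificate is renewed or reissued, so the recorded value has to be refreshed after each renewal before a mismatch means anything.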
