cwtang
asked on
Design of Proxy Deployment and Client SSL-Interception for BYOD
Hi,
I stumbled upon a scenario whereby an environment which would like to filer client traffic for both HTTP and HTTPS traffic. As I understand if using proxy; trusted certificates would need to be installed for both the client and proxy server so that SSL interception may be performed.
I was wondering if there may be a recommended/industrial best practice approach to perform SSL interception on clients in an BYOD so as to filer traffic? In a corporate environment; this wouldnt be a problem as clients can be installed with a trusted CA server; however I was wondering on how it may be done in a BYOD environment especially if SSL interception is required?
Any suggestion is appreciated
I stumbled upon a scenario whereby an environment which would like to filer client traffic for both HTTP and HTTPS traffic. As I understand if using proxy; trusted certificates would need to be installed for both the client and proxy server so that SSL interception may be performed.
I was wondering if there may be a recommended/industrial best practice approach to perform SSL interception on clients in an BYOD so as to filer traffic? In a corporate environment; this wouldnt be a problem as clients can be installed with a trusted CA server; however I was wondering on how it may be done in a BYOD environment especially if SSL interception is required?
Any suggestion is appreciated
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Google shows just one mayor product if you look there. squid is another. beware of pinned domains though
ASKER
Hi,
Appreciate for the information. I would like to ask if mayor/squid may perform ssl interception without the client installing certificate for it?
Thanks.
Appreciate for the information. I would like to ask if mayor/squid may perform ssl interception without the client installing certificate for it?
Thanks.
no.
ASKER
Thank You for the information!
ASKER
I understand on it however I was wondering if it may be possible technically through any product/solution available today for BYOD ?