 

Zscaler Intermediate Certificate [closed]

Tags: ssl

Our company recently implemented Zscaler proxy filtering, which I just learned uses a root certificate pushed out to all of our machines to forge SSL certificates for MITM filtering of our traffic. Personally, I'm not happy about this, but we do a lot of sensitive work, so I'm not going to complain.

But now I'm noticing they don't seem to be doing it consistently. For instance, if I go to Facebook on the work network, the certificate is signed by ZScaler Intermediate Root CA, which clearly means it's been compromised. But if I go to, say, my bank, it says it's signed by Verisign. Am I right in thinking that means the bank connection has not been intercepted and is still end-to-end encrypted?

TBridges42 asked Jun 27 '14 13:06


1 Answer

Zscaler allows the administrator to configure which sites/domains/categories will or will not be decrypted for inspection. It sounds like your admins have disabled SSL decryption for sites in the finance category, and thus traffic to your bank is not being decrypted, whilst traffic to Facebook is.

As far as determining which traffic is and is not being decrypted you are exactly right - check the SSL certificate and if it's signed by the Zscaler certificate then the traffic is being Man-In-The-Middle'ed. If it's signed by any other certificate (including Verisign/etc) then it's NOT being MITM'ed.

Doc answered Sep 22 '22 06:09
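The issuer check described in the answer above, written as a script. This is an added example, not part of the original question or answer; the function names, the `zscaler` marker string and the two sample certificates (constructed, in the format returned by `ssl.SSLSocket.getpeercert()`) are assumptions for illustration.

```python
import socket
import ssl

# Assumption: substring that identifies the proxy's CA in the issuer name,
# based on the issuer string quoted in the question.
PROXY_MARKER = "zscaler"

def issuer_fields(cert):
    """Flatten the 'issuer' RDN tuples of getpeercert() into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify(cert, marker=PROXY_MARKER):
    """'intercepted' if any issuer field names the proxy CA, else 'direct'."""
    fields = issuer_fields(cert)
    if not fields:
        return "unknown"  # no parsed issuer available
    hit = any(marker in value.lower() for value in fields.values())
    return "intercepted" if hit else "direct"

def check_host(host, port=443, timeout=5.0):
    """Handshake with host and classify the issuer of the certificate it presents."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(tls.getpeercert())
    except ssl.SSLCertVerificationError:
        # The chain is not trusted by the CA store this Python uses (for
        # example, the proxy root is only in the OS or browser store), so
        # no parsed certificate is available to inspect here.
        return "unverified"

# Constructed sample data, not captured from a real network.
SAMPLE_PROXIED = {"issuer": ((("organizationName", "Zscaler Inc."),),
                             (("commonName", "Zscaler Intermediate Root CA"),))}
SAMPLE_DIRECT = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "VeriSign, Inc."),),
                            (("commonName", "Example Issuing CA"),))}

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # hostnames to check, given on the command line
        print(name, check_host(name))
```

An `unverified` result means the script could not read the issuer, not that the connection is direct; confirm the issuer in the browser's certificate viewer in that case.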