Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Sadly this also puts laptop users in the situation that they always need to vpn to the office otherwise sites that use HSTS will break either when on or outside the corporate networks, depending on when you visited the site first.


HSTS allows self signed certs as long as the cert is manually installed to the OS trust store for exactly that reason.


Okay. Does that also hold when only the CA is installed? On my machine both Safari and Chrome prevent loading google and stackoverflow because when accessing them through the corporate proxy I get a certificate which is signed by the corporate inspection gateway ca.


It works for me. Install the resign CA cert as a trusted CA and the page will load just fine.

Click on the padlock in Firefox and hit the right arrow next to the domain and it will even say "Verified by: [your corp]"




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: