Question: how does it work if user goes to the page which has invalid / self-sig... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		annnnd on Feb 19, 2015 \| parent \| context \| favorite \| on: Extracting the SuperFish certificate Question: how does it work if user goes to the page which has invalid / self-signed certificate? Does proxy sign the altered page with the same certificate as others, thus making the warning go away? This would leave you open to other parties' MITM attacks too (because warnings are silently ignored). Or do they leave the page intact if the page certificate is not legit?

xnyhps on Feb 19, 2015 [–]

Assuming, from the password, that it uses "SSL Digestor" by Komodia, then yes, it should generate an invalid cert:

http://www.komodia.com/wiki/index.php?title=SSL_Digestor#Cer...

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact