As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their network.
Breaking TLS is typically accomplished by loading an inspection CA certificate that dynamically generates certificates by your TLS inspection device. The public key from this CA is loaded into all clients on the network. When a domain is requested, a certificate is generated “on the fly” and returned to the requester. The requester has a trusted connection to the TLS inspection device, and the device then initiates a connection to the destination.
Leave a reply
