Is it possible to stealthily change the SSL certificate?

M

Mark Rosenthal2016-01-09 19:54:31

System administration

Mark Rosenthal, 2016-01-09 19:54:31

Hey!
Several people work with serious information and there are reasons to mitigate them.
Is it possible to quietly change the certificate (so that the green padlock in the browser remains unchanged)?
Or just slip your certificate into those trusted through AD?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

M

mace-ftl, 2016-01-09
@mace-ftl

If you are not the administrator of their PC (ie, either physical or domain access), then no.

G

Gem, 2016-01-09
@Gem

There are suspicions about the issuance of arbitrary certificates upon request, at the state level. Certificate and Public Key Pinning and Certificate Transparency protect against this, but are rare and add complexity.
In general, the idea of PKI outside the enterprise / government agency is rather vicious.

R

res2001, 2016-01-09
@res2001

Transparent SSL proxy with substitution (squid). If you hang a normal certificate on the proxy, the lock will remain green. Substitution, of course, can be detected by looking at the certificate, but for this you need to know what certificate was before, and who is looking at them?
You can not replace, but at the same time control: habrahabr.ru/post/267851

D

DimaJF, 2016-01-10
@DimaJF

If you need it completely imperceptibly, you need to get a certificate in the same name in the same certification authority. :-)