Import PEM file from Proxy Server

Support for security such as Firewalls and securing linux
Post Reply
maravillasanchez
Posts: 2
Joined: 2014/12/29 02:33:26

Import PEM file from Proxy Server

Post by maravillasanchez » 2014/12/29 02:43:32

Good evening! My company uses a proxy server and that proxy server uses a SSL cert (company.pem) to intercept SSL traffic. Anyway, when I try to visit a SSL site or use wget on a SSL site (example: httpS://www.google.com), I get an error message that the cert for that site isn't trusted because it's trying to use my company's SSL cert (company.pem) instead of the site's SSL cert. I'm using Centos7 and I'm trying to import the PEM certificate our agency uses through command line. Can someone assist? Also, once imported, in what folder/file is the information stored? Thank you.

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Import PEM file from Proxy Server

Post by aks » 2014/12/30 12:43:54

You need to import the root (i.e.: CA) certificate that signed the companies certificate, into your browser (or whatever client you're connecting to http[s://www.google.com with. That should establish the trust.
Essentially what you're doing is exploiting the man in the middle weakness that SSL/TLS has (and what certificates where meant to solve).

maravillasanchez
Posts: 2
Joined: 2014/12/29 02:33:26

Re: Import PEM file from Proxy Server

Post by maravillasanchez » 2014/12/30 15:22:42

I've been able to import it in my browser, but get error messages when trying to use wget and curl via command line. Is there a different process for that?

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: Import PEM file from Proxy Server

Post by aks » 2014/12/30 17:55:06

Yes your browser and curl are not the same program! I think you may need to pass the ca-cert argument to curl.

Post Reply