tag:blogger.com,1999:blog-6596940132080312305.post7227741043228579323..comments2024-03-24T04:53:28.416-04:00Comments on The Network Effect: Ironports can perform man-in-the-middle for SSL.Peter Revillhttp://www.blogger.com/profile/06752807542064758422noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-6596940132080312305.post-10220476957461890122013-02-07T08:26:28.389-05:002013-02-07T08:26:28.389-05:00Thanks so much for your reply Scott! Anonymous, sc...Thanks so much for your reply Scott! Anonymous, scott is spot on, the domain on the cert (the subject name) doesn't match the domain name your visiting ,hence, the certificate is invalid<br />Peter Revillhttps://www.blogger.com/profile/06752807542064758422noreply@blogger.comtag:blogger.com,1999:blog-6596940132080312305.post-87858022015434159702013-02-07T06:57:19.415-05:002013-02-07T06:57:19.415-05:00Because the certificate is issued to mail.google.c...Because the certificate is issued to mail.google.com by the cert authority ironport.mycompany.com.scott.noreply@blogger.comtag:blogger.com,1999:blog-6596940132080312305.post-80719914724634766312013-02-07T01:58:01.239-05:002013-02-07T01:58:01.239-05:00Say I point my browser to https://mail.google.com....Say I point my browser to https://mail.google.com. My browser will see a certificate "issued to" "ironport.mycompany.com" instead of "mail.google.com." So, my question is: Even if the certificate issued to "ironport.mycompany.com" is trusted, why won't my browser throw an error because of the mismatch?Anonymousnoreply@blogger.com