views:

50

answers:

1

Hi,

at $WORK, we have to use an introspecting web proxy that rewrites the SSL certificate chain. I can verify this by using curl to get an https URL or running (o.k., trying to run :-) ) the firefox plugin updater.

The windows port of GIT, http://code.google.com/p/msysgit/, also complains about broken certificates. Is there a way to force it to ignore certificate problems?

Regards, Hakan

A: 

I doubt it rewrites certificate chains, I imagine it has its own certificate which it returns instead of the target server's. If you want to use such a proxy of course your clients must trust it as well as/instead of the target server, which is just a matter of distributing the appropriate cert, or better still getting it signed by a CA. The last thing you want to do is ignore certificate problems: otherwise you may as well not use SSL at all.

EJP