topic Re: Decrypt guest network traffic in General Topics

Decrypt guest network traffic

MohamedSharief — Sun, 16 Oct 2016 10:00:59 GMT

Hi,

I'm using SSL decryption for domain users and it works perfectly. However, we're having a guest network (wifi) to provide our guests with internet access but we need to decrypt this traffic also. Any suggestion how to do this without forcing the guest to install the certificate? Can I use captive portal to decrypt the guest traffic?

I'm opened for any kind of implementations just to decrypt the traffic.

Regards,

Sharief

Re: Decrypt guest network traffic

pulukas — Sun, 16 Oct 2016 21:54:13 GMT

There really is no way around having the guests trust your certificate by some method. Decryption is basically a man in the middle so the cert trust needs to be established.

this old thread discusses some of the methods people have used to get the instructions out there for guests to install the necessary certs.

https://live.paloaltonetworks.com/t5/General-Topics/SSL-Decryption-getting-spoof-cert-out-to-BYOD-personal-devices/m-p/29602/highlight/true#M21622

Re: Decrypt guest network traffic

MohamedSharief — Mon, 17 Oct 2016 05:48:57 GMT

Useful thread that was. Thank you pulukas.