Site Map - skip to main content

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.
This page was generated by The HPR Robot at

hpr2095 :: 23 - SSL Certificates - How They Work

A discussion of how SSL certificates work

<< First, < Previous, , Latest >>

Thumbnail of Ahuka
Hosted by Ahuka on 2016-08-12 is flagged as Clean and is released under a CC-BY-SA license.
SSL, Certificates, encryption. 3.
The show is available on the Internet Archive at:

Listen in ogg, spx, or mp3 format. Play now:

Duration: 00:41:02

Privacy and Security.

In this open series, you can contribute shows that are on the topic of Privacy and Security

I had the opportunity to present a talk on SSL Certificates at our local LUG, the Washtenaw Linux Users Group, which uses some material from a previous HPR episode, but may be of interest to our listeners nonetheless. Because this was a lengthy presentation I have divided it into sections. This first section explains how SSL Certificates work, and the second one will explore some of the problems that we have with SSL Certificates, and how we might address those problems. For more go to


Subscribe to the comments RSS feed.

Comment #1 posted on 2016-08-18 19:17:47 by Ken Fallon

Not allowed in the EU

Excellent episode as always.

IAMAL but in the EU at least it is not permissible to intercept all communications via a local ssl cert, even if a policy is in place about non personal use of computers.

Google Chrome also implements checks to alert if the cert used on a site doesn't match the known cert (eg turns out to be


Comment #2 posted on 2016-08-19 16:29:00 by Kevin O'Brien

Different in EU

Well, I am not a lawyer either, but it looks like EU and US are different in this regard. I can say that in the US the courts have ruled that it is legal since the company owns the computers.

Comment #3 posted on 2016-09-21 15:03:16 by clacke

Different within EU

Dropping in on the convo without having heard the episode (yet).

I'm in Sweden (which is in the EU), and the company I'm currently contracting for are pretty careful about dotting their i's and crossing their lawyerly t's, so I don't believe they would be risking doing anything illegal.

They intercept TLS traffic, but I don't know if they store anything, or if it's just for the content filter to work and then gets thrown away. Maybe that makes a difference.

Google Chrome uses the OS certificate list. So if you are on your company-issued Windows computer that has the firewall's TLS CA installed to facilitate interception, Chrome will accept the CA just as if it were a real CA. Firefox won't, because it has its own list.

Leave Comment

Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.

Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).

Provide feedback
Your Name/Handle:
Anti Spam Question: What does the letter P in HPR stand for?
Are you a spammer?
What is the HOST_ID for the host of this show?
What does HPR mean to you?