On 8/15/2012 3:40 AM, James Hogarth wrote: >> the only method I know that works consistently is to block all direct >> web and ssl access and force use of a web proxy, so the SSL is between >> the remote server and the proxy server, which is your security gateway. > The way I've handled this in previous places when the requirement has > existed is a company CA cert installed on all corporate devices (windows > with AD makes this very easy) and man in the middle everything. > > There's no browser security errors then and the unencrypted data is visible > for security inspection. > > Of course if doing this make sure you notify in the AUP for the company > employees have to sign and agree to abide by etc etc... > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos that is how astaro does ssl scanning. Once it has gotten to the endpoint it is too late.