0

The company I work in as an intern is using CA spoofing.

When I check the certificate I have :

  • Issued to : security.stackexchange.com
  • Issued by : name of my company CA

So here I'm sure that this is CA spoofing. It is the same on other websites as github, tensorflow ...

My questions are :

  1. Is CA spoofing a common thing for companies ?
  2. What are the pros and cons of CA spoofing (for the company) ?
  3. Do employees have to fear something about their privacy ?
schroeder
  • 125,553
  • 55
  • 289
  • 326
Deunis
  • 769
  • 1
  • 7
  • 16
  • They want to monitor what you do on their network. – defalt Aug 30 '19 at 09:02
  • It is not "spoofing" anything. They are the issuer of trusted certs in that environment. – schroeder Aug 30 '19 at 09:07
  • @schroeder so it is just the company issuing their own certs, without any idea of getting a hand on the information the employees share on different websites ? – Deunis Aug 30 '19 at 09:13
  • 1) yes it is very common, 2) they get to inspect to see if unauthorised data is leaving, 3) there is no employee privacy in this situation – schroeder Aug 30 '19 at 09:13
  • The duplicate explains: the purpose is to be *able* to read all traffic. Whether they do, or not, is up to several factors. – schroeder Aug 30 '19 at 09:14
  • Ok thanks, I didn't see it that way – Deunis Aug 30 '19 at 09:17

0 Answers0