Steve Gibson is a well-known security expert who is the brains in the excellent "Security Now" podcast.
He knocked up a web utility to help you detect whether your company might be intercepting your HTTPS traffic with a man-in-the-middle attack.
(installing their own root certificates, so they can create fake Facebook/Gmail etc. certs)
GRC Fingerprints link
Basically he lists the HTTPS cert fingerprints of known websites, e.g. Facebook.
www.facebook.com *.facebook.com F5:6B:F2:44:63:B0:BD:61:36:C5:E8:72:34:6B:32:04:28:FF:4D:7C
But you can put in your own website and he'll get the cert that his unintercepted site sees, e.g.
www.boards.ie *.boards.ie C7:13:71:7A:A1:0B:CE:37:B1:77:46:FE:27:F1:58:A0:76:28:8D:42
So then you go to https://www.boards.ie, view the cert in your browser and compare the fingerprints of the cert that YOU see. E.g. in this case the SHA1 fingerprint matches, so I know that my company isn't intercepting the HTTPS traffic to boards.
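The manual comparison described in the post above can also be scripted. This is an added example, not part of the original post or of GRC's tool: the function names are hypothetical, and the reference fingerprint is assumed to be the one copied from the GRC page.

```python
import hashlib
import socket
import ssl
import sys


def sha1_fingerprint(der: bytes) -> str:
    """SHA-1 over the DER-encoded certificate, colon-separated as browsers show it."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalise(fp: str) -> str:
    """Strip separators and case so a pasted fingerprint compares reliably."""
    cleaned = "".join(c for c in fp if c not in ": -\t").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError(f"not a SHA-1 fingerprint: {fp!r}")
    return cleaned


def matches(observed: str, reference: str) -> bool:
    return normalise(observed) == normalise(reference)


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the leaf certificate this machine is actually served.

    Verification is off on purpose: the goal is to read whatever certificate
    arrives, even one issued by a root Python does not trust. Nothing is sent
    over the connection after the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage: python check_fp.py www.boards.ie "<fingerprint from the GRC page>"
    host, reference = sys.argv[1], sys.argv[2]
    observed = sha1_fingerprint(fetch_leaf_der(host))
    print(f"{host}: observed  {observed}")
    print(f"{host}: reference {reference}")
    print("MATCH" if matches(observed, reference) else
          "MISMATCH: this network served a different certificate")
```

A mismatch is not proof of interception on its own, since a site served from many front ends may present more than one valid certificate.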
Nice one. Some security companies do offer that trusted man in the middle as a service.
Wait... When did Boards start using HTTPS?
Is OCSP still vulnerable to man-in-the-middle attacks / is there another reliable way of verifying certs automatically?
HTTPS Everywhere also has options for the EFF SSL Observatory https://www.eff.org/observatory
Interesting, I've just enabled that.
I had been using HTTPS Everywhere for boards as a matter of routine.
I'm not sure if they want us to be using SSL just yet. They will keep redirecting you back to normal HTTP.
Yeah when I use https on boards the pages don't render properly.