Seeing a ton of alerts from SSL Inspection

itxnc Posts: 98  Ally Member
edited April 2021 in Security
We're seeing a ton of alerts like this for this single IP with SSL Inspection:


That's a Facebook IP (in Ireland I believe). Facebook Messenger Desktop doesn't work unless we add graph.facebook.com and web.facebook.com to the exclude list because they hit this IP hard. Needless to say I'd MUCH rather Facebook be included in SSL Inspection...

Can you all see why this one IP is flagging? Is it a lack of a CA cert in the firmware or is their server misconfigured (can't imagine it is, otherwise Chrome would go bonkers)?

All Replies

  • zyman2008
    zyman2008 Posts: 219  Master Member
    I think SSL inspection no longer works for most mobile apps now. It only works for browser-based applications, since more apps implement "certificate pinning" to prevent MITM attacks.
    For example, since Android 7, if apps implement the certificate check API at level 24, then the apps will not trust user-imported certificates but will trust only the certificates in the system store.
    Android Developers Blog: Changes to Trusted Certificate Authorities in Android Nougat (googleblog.com)

  • itxnc
    itxnc Posts: 98  Ally Member
    Yeah - we don't even try SSL inspection on phones. We limit it to select desktops we know have the certificate installed properly. So these aren't coming from a phone. 
