SSL Certificates

Here for general support for J series TVs, request and problem solve area.
Post Reply

pauleverglade
Posts: 13
Joined: Wed Jun 08, 2016 3:39 pm

SSL Certificates

Post by pauleverglade »

Does anyone know of a way to get an SSL Certificate onto their TV? I have a UN32J5205 TV and want to look at the encrypted traffic my TV is sending back to samsung. Only way to do this is for it recognize my own self signed ssl cert but I don't know how to get it onto the TV.

Any help is appreciated. Thanks.

-Paul
aluisperezh
Posts: 15
Joined: Mon May 23, 2016 8:23 am

Re: SSL Certificates

Post by aluisperezh »

First thing is what do you need the certificate for. I mean, if you could get the cert into the TV how would you make the TV use it to connect to Samsung?

The only thing I can think of is intercepting the SSL communications the way SSL decrypting appliances do. That is, there should be a third machine (a server of yours) who closes the SSL tunnel with the TV and opens another one with Samsung with the data sent by the TV.

I don't know if you are trying to do something like this: http://blog.davidvassallo.me/2011/03/22 ... erception/

In that case you have to make the TV accept a CA certificate as valid. If that is what you want to do, the only way I can think of doing it is creating a Web page with another certificate issued by the same CA, accessing it with the TV web browser and try to make it accept the CA certificate as valid. This method works with a computer (PC, tablet, whatever) but I'm not sure if it works on the TV. I haven't tried it, and I don't even know if the browser uses the same certificate store as the other parts or the software who is connecting to Samsung...

Regards.
pauleverglade
Posts: 13
Joined: Wed Jun 08, 2016 3:39 pm

Re: SSL Certificates

Post by pauleverglade »

Hi aluisperezh,

Thanks for the response. Basically I want to mitm the TV using a proxy made by mitmproxy.org.

"Mitmproxy can decrypt encrypted traffic on the fly, as long as the client trusts its built-in certificate authority. Usually this means that the mitmproxy CA certificates have to be installed on the client device."

If you want more information you can go to mitmproxy.org and look around. I basically need to put the mitm proxy CA cert onto the TV. However, I am not sure a user can put a CA cert onto a TV and put it into the trusted cert directory (if it exists).

Any additional info will help!

-Paul
aluisperezh
Posts: 15
Joined: Mon May 23, 2016 8:23 am

Re: SSL Certificates

Post by aluisperezh »

Sorry for not answering before.

I can't access mitmproxy from work, but I'm pretty sure it works like any other SSL deciphering system: it creates certificates on-the-fly with the destination SSL web site name, and then works as a man-in-the-middle. SSL tunnel goes from browser to mitmproxy, where it gets decrypted, and mitmproxy connects with the destination web service on behalf of the client browser. In this process mitmproxy "sees" the traffic in cleartext and can process it. But all this relies on the browser trusting the CA who has issued the certificate (as it would if it had been Verisign, for example). And that needs the mitmproxy CA certificate to be installed in the browser SSL certificate store.

The only way before developers get us root I can think of doing it is what I told you before about trying to access through the web browser to a web (you'll have to create it yourself) and make the browser accept the certificate. I don't know if it's possible like it is on a computer, but I'm afraid there's no other way right now.

You need access to the machine certificate store, and I'm sure there's no straight access right now. If I'm not mistaken, in Linux certificates are stored right in the filesystem (/etc/ssl/certs and /etc/ssl/private), so the only way would be to put there the mitmproxy CA certificate. But we don't have a shell interface until we are rooted.

I don't have my J TV near, but maybe in a few days I can try this method. I'm afraid, anyway, that this is not going to be easy...

Regards.

Post Reply

Return to “[J] Support”