What does it take for an XBox app to trust a custom CA certificate for lab-testing https traffic?

  • Question

  • Hello,

    I am writing this from the context of testing a video streaming application within a test lab on an XBox One.

    We have to decrypt and analyze the https traffic generated by this application running on XBox One. For decrypting https traffic, we have a legit man-in-the-middle setup (I'm saying legit, because this is done within the lab and with every stakeholder's knowledge & approval). This setup can decrypt https traffic, provided the end device trusts the custom CA certificate signed and issued by the mitm entity itself.

    My question is -

    How can the custom CA certificate be embedded within the XBox One device/app? Is it required to have this certificate added to the trusted certificate store of XBox One, or does it just need to be embedded within the application itself - similar to certificate pinning on Android applications? Or in other words, what should I ask the application developers to do in order to enable this?

    Please note that this is purely for testing purposes and I am not seeking any information related to hacking. The information required is purely on what kind of support is required from application devs in order for me to run a man-in-the-middle proxy in the lab which can decrypt the traffic from that specific application and nothing more. 


    • Edited by Jessy4.0 Friday, December 6, 2019 9:57 AM added more clarity
    Friday, December 6, 2019 9:56 AM