Using encryption certificates is the primary way to ensure that network traffic is not stolen. Technology giants such as Google have spent a long time popularizing network encryption connections. If the encrypted traffic is hacked, the browser will warn the user, because it is very difficult to fake the legitimate digital certificate itself. Therefore, if you want to decrypt these traffic, the best solution is to install the self-signed root certificate directly in the user terminal, and then you can forge various certificates at will.
The original self-signed certificate is mainly used for internal or home users to decrypt the traffic and facilitate the advertisement shielding, so the self-signed certificate also has advantages. But what’s worse is that there are still people who want to install self-signed certificates on the user terminal on a large scale. This is the project that Kazakhstan is currently advancing. Kazakhstan has recently requested Internet service providers to redirect user traffic to a specific page that instructs users to install self-signed digital certificates.
Kazakhstan said that decrypting encrypted traffic can help users, government agencies, and enterprises provide defensive capabilities against cyber-attacks to prevent fraud. At present, many scam websites and hacker-made phishing websites also use traffic encryption. For security software, it is not easy to identify the content itself. Therefore, some security software will also require users to install self-signed software for decryption and identification, and Kazakhstan is prepared to follow this self-signed approach.
At present, many users in Kazakhstan have reported that they cannot access the Internet without installing a certificate, and even a self-signed certificate must be installed on the smartphone.