(This is probably a question for network security experts!)
I have a very basic understanding of SSL (certificate authorities, certificates, trusting the issuer, etc.), and what I understand is that when I log in to www.gmail.com, the communication between me and the Gmail server is encrypted and no one can eavesdrop on the conversation.
This is what I used to believe, until recently I found out that on a corporate (or any other) network there are devices (i.e. network hardware) that can fool a browser into believing that, for example, it is www.gmail.com, and therefore establish an SSL connection, decrypt the data (i.e. allow the plaintext to be viewed by someone, e.g. a network administrator), then forward it on to the actual www.gmail.com server.
However, is it correct that the only caveat is that you need to install a certificate in the user's browser asking it to trust this "hardware device"?
How easy is this to do (i.e. the entire process)? Is it something that is common practice within corporate networks? Is it practical to actually view, say, a Google Talk chat between two users in a network that has upwards of 400 users locally and about 6000 users in total (on the WAN)? Has anyone here done anything like this and, if so, what was their experience? Also, what would a "fake" certificate look like?
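As an added example (not part of the question, and not any vendor's code), here is the mechanism described above written against Go's standard library: a hypothetical interception CA ("Corp Proxy CA", a made-up name) mints a certificate for www.gmail.com on the fly, and a simulated browser accepts it only when that CA has been installed in its root store. It also prints the fields you would see when inspecting such a "fake" certificate: the subject and SAN match the real site, the issuer is the giveaway.

```go
package main

// Added example, not from the question. Everything here is self-contained:
// the CA name, host names and validity periods are assumptions for the demo.
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Interceptor holds the proxy's signing CA. Its certificate (CACert) is what an
// administrator pushes to every managed browser: the "install a certificate" step.
type Interceptor struct {
	CACert *x509.Certificate
	caKey  *ecdsa.PrivateKey
}

// sign issues tmpl as a certificate signed by signer (parent's key) and parses it back.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewInterceptor creates a self-signed CA, as a proxy appliance does at setup time.
func NewInterceptor(caName string) (*Interceptor, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: caName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &Interceptor{CACert: cert, caKey: key}, nil
}

// ForgeLeaf mints a server certificate for host (e.g. www.gmail.com) signed by the
// proxy CA, which is what the device does for each intercepted TLS connection.
// Real proxies copy subject and SANs from the genuine upstream certificate; this
// demo only sets the requested host name.
func (i *Interceptor) ForgeLeaf(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, big.NewInt(1<<62))
	if err != nil {
		return nil, err
	}
	serial.Add(serial, big.NewInt(1)) // keep the serial strictly positive
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return sign(tmpl, i.CACert, &key.PublicKey, i.caKey)
}

// TrustedBy simulates a browser's chain check: leaf is accepted for host only if
// it chains to one of roots. Called with no roots it models a browser that has
// never been given the proxy CA, and must return an error.
func TrustedBy(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool() // deliberately not nil: nil would mean "use the system store"
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// Describe returns the fields a user sees when inspecting the certificate in the
// browser: subject and SAN look genuine, the issuer names the proxy CA.
func Describe(c *x509.Certificate) string {
	return fmt.Sprintf("subject=%q sans=%v issuer=%q sha256=%x",
		c.Subject.CommonName, c.DNSNames, c.Issuer.CommonName, sha256.Sum256(c.Raw))
}

func main() {
	proxy, err := NewInterceptor("Corp Proxy CA")
	if err != nil {
		panic(err)
	}
	leaf, err := proxy.ForgeLeaf("www.gmail.com")
	if err != nil {
		panic(err)
	}
	fmt.Println(Describe(leaf))
	fmt.Println("unmodified browser:", TrustedBy(leaf, "www.gmail.com"))
	fmt.Println("browser with proxy CA installed:", TrustedBy(leaf, "www.gmail.com", proxy.CACert))
}
```

The first `TrustedBy` call fails with an unknown-authority error, which is the warning page an unmanaged device shows behind such a proxy; the second succeeds, which is why the whole scheme hinges on pushing the CA certificate into the browser's (or OS's) trust store. The `Describe` output is the practical answer to "what does a fake certificate look like": the quickest check is to open the certificate in the browser and look at the issuer chain, since a certificate for www.gmail.com that chains to an internal CA rather than a public one is the signature of interception.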