[squid-users] Help with squid 4.5. on centos 6.6. filter Https

Amos Jeffries squid3 at treenet.co.nz
Fri Jun 19 23:55:31 UTC 2015


On 20/06/2015 9:45 a.m., davincy wrote:
> Im trying to enable the certificates. I have the certs .pen but I dont know
> how get the .key
> 
> https_port 3129 intercept ssl-bump
> cert=/etc/squid/ssl_cert/sslsplit_ca_cert.pem
> cafile=/etc/squid/certs/sslsplit_ca_cert.pem
> key=/opt/etc/squid/certs/sslsplit_ca_key.pem  generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB sslflags=NO_SESSION_REUSE
> 
> On Centos This Lines are funcional?

There is nothing CentOS specific about them. With the directory paths
existing, and the relevant *.pem files correctly built they should work
on any POSIX based OS.


> 
> sslcrtd_program /opt/libexec/ssl_crtd -s /opt/var/ssl_db -M 4MB
> sslcrtd_children 5
> 
> I dont find the directory
> 
> /libexec  and the files ssl_crtd and the ssl_db
> 

If the /opt/libexec path does not exist then your Squid will definitely
not work. You need to locate where that sl_crtd helper binary was
installed and use the right path.

Also use "squid -v" to confirm the --enable-ssl-crtd was used during the
build.

Amos


More information about the squid-users mailing list