[squid-users] Ssl-bump deep dive (properly creating certs)
James Lay
jlay at slave-tothe-box.net
Sun May 24 16:25:42 UTC 2015
Hey all,
So... I'm sure those on the list have seen my posts a number of times,
usually all questions (sorry I'm not very helpful). That being said,
whenever there is something I can't get to work right, or don't
understand as well as I think I should, I do kind of a deep dive into it
for about a month. I'm going to do that now with Squid. I have NEVER
gotten ssl-bump to work right. I have it "sort of" working, but there
are some issues I want to address.
So I'm going to start from scratch in a lab environment using a VM as a
client, a physical machine with two NICs that are bridged and run squid
as a transparent proxy, and a physical laptop as the server.
My first question is about properly creating the certs. Looking at:
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
this mentions using crtd, but as I understand it, crtd isn't supported
when using transparent proxies. So, with no crtd, as I understand it
this is what I'll need:
Server:
Self-signed CA cert (pem) <- used as cafile= in https_port
Intermediate cert signed by the above self-signed CA cert (pem) <- used as cert= in https_port
Key file for the self-signed CA cert above (pem) <- used as key= in https_port
Client:
Self-signed CA cert from above (pem) <- in /etc/ssl/certs for Linux
Any help, advice, links that would assist in better understanding this
first step in ssl-bumping transparently would be wonderful. Thank you.
James
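
An added example, not part of the original message: building the two-level chain the message lists (a self-signed root CA and an intermediate signed by it) with the openssl CLI, then checking the chain and which private key pairs with which certificate before the files are referenced from cafile=, cert= and key=. The file names, subject names and function names are constructed for this example.

```sh
#!/bin/sh
# Added example. File and subject names (lab-root, lab-intermediate) are constructed.

make_chain() {   # make_chain DIR: write root.pem/root.key and inter.pem/inter.key into DIR
    dir=$1
    mkdir -p "$dir" || return 1
    # Private config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/ca.cnf" -extensions v3_ca -subj "/CN=lab-root" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # Intermediate CA: new key and CSR, then signed with the root key.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/ca.cnf" -subj "/CN=lab-intermediate" \
        -keyout "$dir/inter.key" -out "$dir/inter.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/inter.csr" -sha256 -days 365 \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
        -extfile "$dir/ca.cnf" -extensions v3_ca \
        -out "$dir/inter.pem" 2>/dev/null || return 1
}

# Digest of the public key inside a certificate / derived from a private key.
cert_pub() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
key_pub()  { openssl pkey -in "$1" -pubout | openssl sha256; }

# key_matches_cert KEY CERT: true only if KEY is the private key for CERT.
key_matches_cert() { [ "$(key_pub "$1")" = "$(cert_pub "$2")" ]; }

# chain_ok ROOT CERT: true if CERT verifies with ROOT as the only trust anchor.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Run as: sh make_chain.sh /some/dir
if [ -n "${1:-}" ]; then
    make_chain "$1" && chain_ok "$1/root.pem" "$1/inter.pem" && echo "chain verifies"
    key_matches_cert "$1/inter.key" "$1/inter.pem" && echo "inter.key pairs with inter.pem"
    key_matches_cert "$1/root.key" "$1/inter.pem" || echo "root.key does not pair with inter.pem"
fi
```

A TLS server can only present a certificate for which it holds the private key, so key_matches_cert is the check to run on whichever pair ends up in cert= and key=.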