[squid-users] Squid generated certificate for IP rather than domain when using ssl_bump
Shanmugam Sundaram
shanmuga_karna at yahoo.com
Mon Apr 17 14:38:52 UTC 2017
Hi,
I'm new to Squid, and having trouble getting SSL filtering work.
I have a blanket block setup with Squid as Transparent proxy where access it allowed only to github.com. But, squid generates certificates for IP address instead of domain name and SSL validation fails.Squid version: 3.5.25-20170408-r14154When I use curl (I have imported my self signed SSL to the certificate store)
curl: (51) SSL: certificate subject name (192.30.255.112) does not match target host name 'github.com
How to configure properly to splice a whitelist and block all other domains. Below is my current configurationhttp_port 3128
http_port 3129 intercept
https_port 3130intercept ssl-bump enerate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/etc/squid/ssl_certs/myca.pem key=/etc/squid/ssl_certs/myca.pem
acl whitelist ssl::server_name .github.com
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice whitelist
ssl_bump bump all
Please help me fixing the issue.
thanks,Shan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170417/3475f5ce/attachment.html>
More information about the squid-users
mailing list