[squid-users] Have issue with "https_port ssl-bump intercept"

pius piuschungath at gmail.com
Fri Aug 17 08:39:05 UTC 2018

Hi Amos,

Thanks for the reply. It makes more things clear. 

I do apologize for a Friday message in advance.

I will explain a bit more about my situation. We are using Jfrog artifactory
in our private network. Artifactory host lots of remote repos. We are
planning lock down the artifactory using squid. So in my case artifactory is
the client. 

artifactory ------> Squid(whitelist) -----> Internet
                            http (3129) / https (3130)

I followed the steps from your message. I trust the self-signed squid
certificate in artifactory. Now I error I am getting is in artifactory is 

"Connection to remote repository failed: Host name 'repo.jenkins-ci.org'
does not match the certificate subject provided by the peer

Looks like artifactory is requesting repo.jenkins-ci.org to squid without
enough information about domain name. May be that why squid created a ssl
certificate in behalf of artifactory with a IP address and instead of domain
name. So how can map the ip to a domain name ? DNS server ? 

Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

More information about the squid-users mailing list