[squid-users] Distribute root certificate to clients

Yuri yvoinov at gmail.com
Mon Mar 12 13:49:37 UTC 2018 

I guess, there is no easy solution for this job.

The more difficult tasks is also mobile clients.

In my case, I use just a bit simple JS-trick solution found on
serverfault once upon a time.

It is point-and-click based, but not works for each and every browser.
Just for Chrome-based/Firefox and MS Edge (with some difficults).

Also, don't forget about such thing like JRE. Sometimes it also requires
to install cache root CA.

And, such thing as Thunderbird - it does not share certificate store
with FF.

12.03.2018 15:40, Nicolas Kovacs пишет:
> Hi,
>
> I have a few prospective clients who want/need to log and monitor all
> their web traffic and asked me to find a viable solution for this.
>
> After a couple of weeks of fiddling, I decided to opt for the
> Squid+SquidAnalyzer setup, which works quite well. I have a sandbox
> installation here in my office that already works quite satisfyingly.
>
> While working out the solution (thanks again to you guys, you know who
> you are), I took some extensive notes on my technical blog:
>
>   * https://blog.microlinux.fr/squid-centos/
>
>   * https://blog.microlinux.fr/squid-https-centos/
>
>   * https://blog.microlinux.fr/squidanalyzer-centos/
>
>   * https://blog.microlinux.fr/squid-exceptions/
>
> I have yet one problem to tackle, and I already have a solution in mind.
> Though I thought I'd rather ask here first, since this is a bit new to
> me, and you guys have much more experience.
>
> Most of my clients are small businesses with up to a few dozen client
> PCs, and also wireless access.
>
> The problem I'm currently facing is: how to provide an easy installation
> of Squid's root certificate? During my tests, I wrote some short
> instructions for my Linux clients with Firefox, Chrome and Konqueror:
>
> https://blog.microlinux.fr/squid-https-centos/#navigateurs
>
> Here's what I intend to do. Configure a local web page
> http://proxy.company.lan where clients can download the certificate file
> proxy.company.lan.der. This page also contains quick & dirty
> instructions on how to install the certificate on the most popular
> browsers/platforms (Chrome, Firefox, Safari, Internet Explorer).
>
> Each company will also have a printed document, explaining how to access
> the Internet. Something like this:
>
>   1. Open http://proxy.company.lan in your browser.
>
>   2. Download the proxy.company.lan.der certificate file.
>
>   3. Follow instructions to import this file into your browser.
>
>   4. Browse the web normally.
>
> Before doing that, I thought I'd inquire how you guys go about that. As
> a long-time Slackware user I've always been a fan of the KISS principle
> (Keep It Simple Stupid), so I try to have a no-nonsense approach.
>
> Any suggestions?
>
> Cheers from the sunny South of France,
>
> Niki
>

-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180312/e23af4f6/attachment.sig>

More information about the squid-users mailing list