[squid-users] Using CA signed certificate for SSL bump
Antony Stone
Antony.Stone at squid.open.source.it
Wed Sep 5 08:29:55 UTC 2018
On Wednesday 05 September 2018 at 09:02:45, Arshad Ansari wrote:
> Hi All,
>
> I have setup squid 4.2 for forward proxy and caching. It is working fine
> when I am using self-signed certificate for SSL bump.
Good. Well done.
> However, our security requirement is to use only CA signed certificate and
> not self-signed certificate.
That won't work.
> I have tried various options like using Https and intercept but nothing
> seems to be working.
Indeed.
> My question is does SSL work with CA signed certificate?
SSL? Yes.
SSL Bump / interception, no - because if it did, you'd have a globally-trusted
certificate which you could use to fake any website on the Internet.
Security? The CA who gave you that certificate would disappear.
Antony.
--
Tinned food was developed for the British Navy in 1813.
The tin opener was not invented until 1858.
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list