[squid-users] Using CA signed certificate for SSL bump

Antony Stone Antony.Stone at squid.open.source.it
Wed Sep 5 08:29:55 UTC 2018

On Wednesday 05 September 2018 at 09:02:45, Arshad Ansari wrote:

> Hi All,
> I have setup squid 4.2 for forward proxy and caching. It is working fine
> when I am using self-signed certificate for SSL bump.

Good.  Well done.

> However, our security requirement is to use only CA signed certificate and
> not self-signed certificate.

That won't work.

> I have tried various options like using Https and intercept but nothing
> seems to be working.


> My question is does SSL work with CA signed certificate?

SSL?  Yes.

SSL Bump / interception, no - because if it did, you'd have a globally-trusted 
certificate which you could use to fake any website on the Internet.

Security?  The CA who gave you that certificate would disappear.


Tinned food was developed for the British Navy in 1813.

The tin opener was not invented until 1858.

                                                   Please reply to the list;
                                                         please *don't* CC me.

More information about the squid-users mailing list