[squid-users] Using CA signed certificate for SSL bump

Alex Crow alex at nanogherkin.com
Wed Sep 5 11:05:17 UTC 2018

You can set up your own internal CA. You then have the CA key (so can 
generate certificates for any domain) and install the CA public 
certificate on all client machines.

That CA can be anything from a local CA on the squid box, using a 
central VM with something like XCA installed, all the way to an 
enterprise HSM.

But you must have the CA key. There is no way a commercial CA would give 
you a universal signing key.


On 05/09/18 08:02, Arshad Ansari wrote:
> Hi All,
> I have setup squid 4.2 for forward proxy and caching. It is working 
> fine when I am using self-signed certificate for SSL bump.
> However, our security requirement is to use only CA signed certificate 
> and not self-signed certificate.
> I have tried various options like using Https and intercept but 
> nothing seems to be working.
> My question is does SSL work with CA signed certificate?
> Regards,
> Arshad
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180905/ba5bddae/attachment.html>

More information about the squid-users mailing list