[squid-users] Using SSL bump and reverse proxy for DNS sinkhole

thompsonm thompsonm3301 at protonmail.com
Sat Sep 8 09:00:41 UTC 2018

"1. a web server which will generate an SSL certificate on the fly and then
HTTPS content back to the client using that certificate"

Is there a way to do this? The only way I can find is to use wildcard
certificates. But that's not what I'm trying to do.

"2. a pile of SSL certificates which you generate using your own CA at the
time you put the fake entries into DNS.  After all, you know what domains
you're putting into your "DNS sinkhole", so just generate an SSL certificate
for each one as you do it, load them onto your web server, and there you go."

This is not really feasible because the lists are always being updated. I
could write a script or something but I think it would be better just to
have a web server or proxy create the certificates when the client tries to
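
The per-domain approach from the quoted point 2, written as a script that can be re-run whenever the sinkhole list changes and only issues certificates for new entries. This is an added example, not part of the original post; the function names, directory layout and sample domains are assumptions, and it relies only on the standard `openssl` command line.

```shell
#!/bin/sh
# Added example. Paths, function names and domains are constructed for illustration.
set -eu
umask 077   # private keys must not be world-readable

# Create a throwaway CA; in practice this is the CA your clients already trust.
make_ca() {  # $1 = CA directory
  mkdir -p "$1"
  [ -f "$1/ca.key" ] && return 0
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Sinkhole Example CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue one leaf certificate, with the subjectAltName that clients validate.
issue_cert() {  # $1 = CA directory, $2 = certificate directory, $3 = domain
  ext=$(mktemp)
  printf 'subjectAltName=DNS:%s\n' "$3" > "$ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2/$3.key" -out "$2/$3.csr" 2>/dev/null
  openssl x509 -req -in "$2/$3.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -extfile "$ext" -out "$2/$3.crt" 2>/dev/null
  rm -f "$ext" "$2/$3.csr"
}

# Walk the list and issue only what is missing. Prints the number of new certificates.
sync_certs() {  # $1 = CA directory, $2 = certificate directory, $3 = list file
  mkdir -p "$2"
  issued=0
  while IFS= read -r d; do
    # Drop comments and whitespace.
    d=$(printf '%s' "${d%%#*}" | tr -d '[:space:]')
    # Accept plain hostnames only, so a list entry can never act as a path or option.
    case "$d" in
      ''|*[!A-Za-z0-9.-]*|[.-]*) continue ;;
    esac
    [ -f "$2/$d.crt" ] && continue
    issue_cert "$1" "$2" "$d" < /dev/null
    issued=$((issued + 1))
  done < "$3"
  echo "$issued"
}
```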

