[squid-users] 4.9 https isue...unable import certificate in browser

aw_wolfe aw_wolfe12 at yahoo.com
Tue Dec 10 11:19:40 UTC 2019

I have squid 4.9 built with https support in which I created a certificate
following tutorial. Squid starts, appears to be running fine. http whitelist
with user groups working....trying to add https support.

copy/paste from example of what I did to create certificate.

openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -extensions
v3_ca -keyout myCA.pem  -out myCA.pem

certtool --generate-privkey --outfile ca-key.pem

certtool --generate-self-signed --load-privkey ca-key.pem --outfile myCA.pem

openssl x509 -in myCA.pem -outform DER -out myCA.der

1) problem when trying to import myCA.der certificate into firefox: "This is
not a certificate authority certificate, so it can’t be imported into the
certificate authority list"

2) My goal is simply to whitelist sites, I do not have a need to view the
traffic. Is following ssl-bump examples the right/only approach or is easier
way to let the client connect directly, but preventing any connection except
if on the whitelist?


Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

More information about the squid-users mailing list