<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/4.6.6">
</HEAD>
<BODY>
Hey all,<BR>
<BR>
So... I'm sure those on the list have seen my posts a number of times, usually all questions (sorry I'm not very helpful). That being said, whenever there is something I can't get to work right, or don't understand as well as I think I should, I do kind of a deep dive into it for about a month. I'm going to do that now with Squid. I have NEVER gotten ssl-bump to work right. I have it "sort of" working, but there are some issues I want to address.<BR>
<BR>
So I'm going to start from scratch in a lab environment using a VM as a client, a physical machine with two NICs that are bridged and that runs Squid as a transparent proxy, and a physical laptop as the server.<BR>
<BR>
My first question is about properly creating the certs. Looking at:<BR>
<BR>
<A HREF="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</A><BR>
<BR>
this mentions using crtd, but as I understand it, crtd isn't supported when using transparent proxies. So, with no crtd, as I understand it this is what I'll need:<BR>
<BR>
Server:<BR>
Self-signed CA cert (pem) &lt;- used as cafile= in https_port<BR>
Intermediate cert signed by the above self-signed CA cert (pem) &lt;- used as cert= in https_port<BR>
Key file for the self-signed CA cert above (pem) &lt;- used as key= in https_port<BR>
<BR>
Client:<BR>
Self-signed CA cert from above (pem) &lt;- in /etc/ssl/certs for Linux<BR>
<BR>
Any help, advice, or links that would assist in better understanding this first step in ssl-bumping transparently would be wonderful. Thank you.<BR>
<BR>
James <BR>
<BR>
</BODY>
</HTML>