
<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <p><br>

    </p>

    <br>

    <div class="moz-cite-prefix">15.11.2016 20:22, Sergio Belkin пишет:<br>

    </div>

    <blockquote

cite="mid:CABZC=5wHZ_E9iR23q44eUtuDzoM0rm_+3YovbHRnWzqxZL_eXg@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div>Hi,<br>

          <br>

        </div>

        <div>When using something like that:<br>

          <br>

          http_port 8080 intercept ssl-bump

          generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

          cert=/home/proxy/ssl_cert/example.com.cert

          key=/home/proxy/ssl_cert/example.com.private<br>

          <br>

        </div>

        <div><br>

        </div>

        Is possible to use a certificate generated by a trusted CA?<br>

      </div>

    </blockquote>

    No. <br>

    <br>

    In theory, if you can to force trusted CA to issue subordinate

    intermediate CA personally to you - yes, it possible. But to force

    trusted CA to issue subordinate CA personally to you is not possible

    due to trusted CA's CPS. To do this you should be trusted CA

    youself. I.e.: Pass audit, has PKI infrastructure, has much money

    and blah-blah-blah.<br>

    <br>

    So, you can't do SSL bump without users notification. <br>

    <blockquote

cite="mid:CABZC=5wHZ_E9iR23q44eUtuDzoM0rm_+3YovbHRnWzqxZL_eXg@mail.gmail.com"

      type="cite">

      <div dir="ltr"><br>

        <br clear="all">

        <div>

          <div>

            <div>

              <div>Thanks in advance!<br>

              </div>

              <div>-- <br>

                <div class="gmail_signature">

                  <div dir="ltr">

                    <div>

                      <div dir="ltr">--<br>

                        Sergio Belkin<br>

                        LPIC-2 Certified - <a moz-do-not-send="true"

                          href="http://www.lpi.org" target="_blank">http://www.lpi.org</a></div>

                    </div>

                  </div>

                </div>

              </div>

            </div>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

squid-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>

<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>

</pre>

    </blockquote>

    <br>

    <div class="moz-signature">-- <br>

      Cats - delicious. You just do not know how to cook them.</div>

  </body>

</html>