<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
code
{mso-style-priority:99;
font-family:"Courier New";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.vote-count-post
{mso-style-name:vote-count-post;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link=blue vlink="#954F72"><div class=WordSection1><p class=MsoNormal><o:p> </o:p></p><div><table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0 style='background:white;border-collapse:collapse'><tr><td valign=top style='padding:0in 11.25pt 0in 0in'><p class=MsoNormal align=center style='text-align:center'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#242729'><o:p> </o:p></span></p></td><td valign=top style='padding:0in 0in 0in 0in'><div><div style='margin-bottom:3.75pt;word-wrap: break-word'><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'><o:p> </o:p></span></p></div></div></td></tr><tr><td valign=top style='padding:0in 11.25pt 0in 0in'><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#242729'>Dears, <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#242729'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#242729'>Thanks for adding me to the list…<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial",sans-serif;color:#242729'><o:p> </o:p></span></p></td><td valign=top style='padding:0in 0in 0in 0in'><p style='mso-margin-top-alt:0in;margin-right:0in;margin-bottom:12.0pt;margin-left:0in'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'><o:p> </o:p></span></p></td></tr></table></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'>I would like to install Squid proxy with SSL bump. I am working on my virtual lab, and once everything is OK I will test it on the real network. 
I already created a directory for the cert and generated the cert as below:<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'># Generate Private Key<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>openssl genrsa -out MSY.com.private 2048 <o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'><o:p> </o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'># Create Certificate Signing Request<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>openssl req -new -key MSY.com.private -out MSY.com.csr<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'><o:p> </o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'># Sign Certificate<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>openssl x509 -req -days 3652 -in MSY.com.csr -signkey MSY.com.private -out MSY.com.cert<o:p></o:p></span></p>
<p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'># Generate certificate cache<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>/usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'># Change ownership of the certificate cache<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>chown squid: /var/lib/ssl_db<o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'>Then I filled in the info and set the 'Common Name' to something other than the domain or server_name. 
In addition, please find below the lines from the Squid configuration file:<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'># Squid listen Port<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>http_port 3128 <o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/MSY.com.private cert=/etc/squid/MSY.com.cert <o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'># SSL Bump Config<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>always_direct allow all <o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>ssl_bump server-first all <o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>sslproxy_cert_error deny all <o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>sslproxy_flags DONT_VERIFY_PEER <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span 
style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 <o:p></o:p></span></p><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'>And it’s not working with the SSL bump configuration; it works only when I remove the SSL bump configuration, but of course without the SSL certificate.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'>Also, I checked </span><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>journalctl -xe</span><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'> and found the error below:<o:p></o:p></span></p><p class=MsoNormal style='background:#EFF0F1'><span style='font-size:10.0pt;font-family:Consolas;color:#242729;border:none windowtext 1.0pt;padding:0in;background:#EFF0F1'>/etc/squid/squid.conf:3 unrecognized: 'ssl-bump'<o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'>Any ideas?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.5pt;font-family:"Arial",sans-serif;color:#242729'>Regards</span><o:p></o:p></p></div></body></html>
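Added example, not part of the original message and not Squid's own parser: Squid reads each configuration line as one directive followed by its arguments, so this small checker runs over a constructed copy of the quoted configuration and reports the line named in the journalctl error, the directive that appears fused onto the sslcrtd_program line as quoted, and the DONT_VERIFY_PEER flag, which turns off verification of upstream server certificates. The short directive list, the finding codes and the function name are assumptions of the example.

```python
# Directive names used in the quoted configuration (assumption: a real
# squid.conf accepts many more; this short list keeps the example small).
KNOWN = {"http_port", "always_direct", "ssl_bump", "sslproxy_cert_error",
         "sslproxy_flags", "sslcrtd_program", "sslcrtd_children"}

# Constructed sample: the configuration lines as quoted in the message.
SAMPLE = """\
# Squid listen Port
http_port 3128
ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/MSY.com.private cert=/etc/squid/MSY.com.cert
# SSL Bump Config
always_direct allow all
ssl_bump server-first all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1
"""


def lint(text):
    """Return a list of (line_number, code, detail) findings."""
    findings = []
    prev = None  # (line_number, name) of the last recognised directive
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        name, args = tokens[0], tokens[1:]
        if name not in KNOWN:
            # Every line is parsed as "directive arguments", so options that
            # slipped onto their own line are read as an unknown directive.
            hint = f"{name!r}; options of {prev[1]} (line {prev[0]})?" if prev else repr(name)
            findings.append((no, "unrecognized", hint))
            continue
        prev = (no, name)
        # A directive name in argument position suggests two fused lines.
        for arg in args:
            if arg in KNOWN:
                findings.append((no, "merged", arg))
        flags = args[0].split(",") if args else []
        if name == "sslproxy_flags" and "DONT_VERIFY_PEER" in flags:
            findings.append((no, "no-peer-verify",
                             "upstream server certificates are not verified"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```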