<div dir="ltr"><p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Dears,</span><span style="font-size:12pt;font-family:"times new roman",serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif"><span> </span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif">I am setting the
SSL-bump for squid 3.5 on CentOS 7, I already generated ssl certificate with
the below commands:<span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif"><span> </span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><b><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)">OPENSSL=/usr/bin/openssl</span></b><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><b><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)">SSLDIR=/etc/mydlp/ssl</span></b><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><b><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)">mkdir -p $SSLDIR || exit 1</span></b><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><b><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)">rm -rf $SSLDIR/*</span></b><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><b><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)">[ -e $SSLDIR/private.pem ] || $OPENSSL genrsa
4096 > $SSLDIR/private.pem</span></b><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><b><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)">[ -e $SSLDIR/public.pem ] || (echo -e
"TR\nAnkara\nTechnopolis\nMyDLP\nMyDLP\n*\<a href="mailto:nsupport@mydlp.com">nsupport@mydlp.com</a>\n"|
$OPENSSL req -new -x509 -days 3650 -key $SSLDIR/private.pem -out
$SSLDIR/public.pem)</span></b><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><b><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)">[ -e $SSLDIR/user.der ] || $OPENSSL x509 -in
$SSLDIR/public.pem -outform DER -out $SSLDIR/user.der</span></b><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif"><span> </span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif">In addition,
below you can find snippet from squid.conf file:<span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif"><span> </span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102);background:rgb(244,244,242)">http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB key=/etc/mydlp/ssl/private.pem cert=/etc/mydlp/ssl/public.pem</span><span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102);background:rgb(244,244,242)">always_direct allow all</span><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102)"><br>
<span style="background:rgb(244,244,242)">ssl_bump allow all</span><br>
<span style="background:rgb(244,244,242)">sslproxy_cert_error allow all</span><br>
<span style="background:rgb(244,244,242)"># Or may be deny all according to your company policy</span><br>
<span style="background:rgb(244,244,242)"># sslproxy_cert_error deny all</span><br>
<span style="background:rgb(244,244,242)">sslproxy_flags DONT_VERIFY_PEER</span><br>
<span style="background:rgb(244,244,242)">sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db
-M 4MB</span><br>
<span style="background:rgb(244,244,242)">sslcrtd_children 5</span></span><span style="font-size:12pt;font-family:arial,sans-serif"><span></span></span></p>

<p class="MsoNormal"><b> </b></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif">In addition, I added </span><span style="font-size:7.5pt;font-family:"courier new";color:rgb(102,102,102);background:rgb(244,244,242)">user.der</span><span style="font-size:12pt;font-family:arial,sans-serif"> file in the certificate authority for the
user machine. The problem that it’s not working. Moreover, Squid service
restart without any issues. Also, please find the attached result for the squid
configuration test.<span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif"><span> </span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif">Appreciate your assistant.<span></span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif"><span> </span></span></p>

<p class="MsoNormal" style="margin-bottom:0.0001pt;line-height:normal"><span style="font-size:12pt;font-family:arial,sans-serif">Mohammed M AlJakri<span></span></span></p></div>