<html><head></head><body><div style="color:#000; background-color:#fff; font-family:Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><span id="yui_3_16_0_ym19_1_1492438383468_30371">Hi,</span><div id="yui_3_16_0_ym19_1_1492438383468_30372"><br id="yui_3_16_0_ym19_1_1492438383468_30374" clear="none"></div><div id="yui_3_16_0_ym19_1_1492438383468_30378"><span id="yui_3_16_0_ym19_1_1492438383468_30379">I'm new to Squid, and having trouble getting SSL filtering to work.</span></div><div id="yui_3_16_0_ym19_1_1492438383468_30380"><span id="yui_3_16_0_ym19_1_1492438383468_30381"><br id="yui_3_16_0_ym19_1_1492438383468_30382" clear="none"></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1492438383468_30383"><span id="yui_3_16_0_ym19_1_1492438383468_30384">I
 have a blanket block setup with Squid as a transparent proxy, where access
 is allowed only to github.com. But Squid generates certificates for the IP
 address instead of the domain name and SSL validation fails.</span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1492438383468_30385"><span id="yui_3_16_0_ym19_1_1492438383468_30386"></span>Squid version: <code id="yui_3_16_0_ym19_1_1492438383468_30387">3.5.25-20170408-r14154</code></div><div dir="ltr" id="yui_3_16_0_ym19_1_1492438383468_30388">When I use curl (I have imported my self-signed SSL to the certificate store)<br id="yui_3_16_0_ym19_1_1492438383468_30389" clear="none"><code id="yui_3_16_0_ym19_1_1492438383468_30390">curl: (51) SSL: certificate subject name (192.30.255.112) does not match target host name 'github.com</code></div><div id="yui_3_16_0_ym19_1_1492438383468_30392"><div id="yui_3_16_0_ym19_1_1492438383468_31552"><br></div><div id="yui_3_16_0_ym19_1_1492438383468_31554">How do I configure it properly to splice a whitelist and block all other domains? Below is my current configuration:</div></div><pre id="yui_3_16_0_ym19_1_1492438383468_30393">http_port 3128<br id="yui_3_16_0_ym19_1_1492438383468_30394" clear="none">http_port 3129 intercept<br id="yui_3_16_0_ym19_1_1492438383468_30395" clear="none">https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/myca.pem key=/etc/squid/ssl_certs/myca.pem<br id="yui_3_16_0_ym19_1_1492438383468_30396" clear="none"><br id="yui_3_16_0_ym19_1_1492438383468_30397" clear="none">acl whitelist ssl::server_name .github.com<br id="yui_3_16_0_ym19_1_1492438383468_30398" clear="none">acl step1 at_step SslBump1<br id="yui_3_16_0_ym19_1_1492438383468_30399" clear="none"><br id="yui_3_16_0_ym19_1_1492438383468_30400" clear="none">ssl_bump peek step1<br id="yui_3_16_0_ym19_1_1492438383468_30401" clear="none">ssl_bump splice whitelist<br id="yui_3_16_0_ym19_1_1492438383468_30402" clear="none">ssl_bump bump all<br id="yui_3_16_0_ym19_1_1492438383468_30403" clear="none"><br id="yui_3_16_0_ym19_1_1492438383468_30404" clear="none"><span id="yui_3_16_0_ym19_1_1492438383468_30405"></span></pre><div dir="ltr" id="yui_3_16_0_ym19_1_1492438383468_30406">Please help me fix the issue.</div><div dir="ltr" id="yui_3_16_0_ym19_1_1492438383468_30407"><br id="yui_3_16_0_ym19_1_1492438383468_30408" clear="none"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1492438383468_30409">Thanks,</div>Shan</div></body></html>