[squid-users] transparent proxy https and self signed certificate error

Robert Watson robert at gillecaluim.com
Sun Oct 5 00:29:01 UTC 2014


Using squid 3.4.8, compiled from source with ./configure flags
--enable-icap-client --enable-ssl --enable-ssl-crtd.
Configured iptables for transparent proxy (redirect 80 to 3128) and
everything works fine.

Configured iptables for transparent proxy (redirect 443 to 3127) but can't
get transparent proxy for https to work.
My squid.conf:
...
# Squid https port
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/XXX.pem
acl broken_sites dstdomain .example.com
ssl_bump none localhost
ssl_bump none broken_sites
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
sslcrtd_children 32 startup=5 idle=1

When visiting Google (or any other https site) Chrome complains
NET::ERR_CERT_AUTHORITY_INVALID.
I tried using Internet Explorer as admin and imported the self-signed
certificate but that hasn't helped.

Can anyone please help with how to debug this?
thanks, Robert
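
Two checks that apply to the file named by cert= in a setup like the one above, as an added example that is not part of the original post: whether the file can act as a signing CA for generated host certificates, and whether a host certificate verifies against the certificate a client was told to trust. The function names are hypothetical, the openssl command-line tool is assumed to be installed, and all certificates are constructed by the script.

```shell
#!/bin/sh
# Added example; every certificate here is constructed by make_samples.

# check_bump_ca FILE: succeed only if FILE (the cert= file of https_port) holds
# a certificate marked CA:TRUE and the private key matching it.
check_bump_ca() {
    if ! openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "$1: no certificate with basicConstraints CA:TRUE"; return 1
    fi
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$1: private key missing or not matching the certificate"; return 1
    fi
    echo "$1: usable as signing CA"
}

# signed_by_ca CA_CERT CERT_FILE: succeed if CERT_FILE verifies against CA_CERT,
# the certificate that was imported into the client's trust store.
signed_by_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_samples DIR: constructed material. "ca" and "other" are two CAs with the
# same name but different keys; leaf.crt is a host certificate signed by "ca".
make_samples() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Constructed Bump CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    for n in ca other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
            -keyout "$d/$n.key" -out "$d/$n.crt" 2>/dev/null || return 1
        cat "$d/$n.crt" "$d/$n.key" > "$d/$n.pem"
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=www.example.test" -keyout "$d/leaf.key" \
        -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null || return 1
    cat "$d/leaf.crt" "$d/leaf.key" > "$d/leaf.pem"
}
```

On a real host, check_bump_ca takes the file named by cert=, and signed_by_ca takes the certificate that was imported into the browser together with a certificate saved from a bumped connection.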