[squid-users] transparent proxy https and self signed certificate error
Amos Jeffries
squid3 at treenet.co.nz
Mon Oct 6 07:39:50 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/10/2014 4:24 p.m., Robert Watson wrote:
> still trying to get this working. To eliminate the self signed
> certificate issue, I got a official signed certificate from
> Starfield Tech. LLC. They've sent two certifcates but I'm unsure
> how to use these certificates since the ssl_bump parameters only
> have one certificate as a parameter
The CA is very unlikely to be issuing you certificates capable of use
in Squid in the way intended. It is illegal for a trusted root CA to
do so in the country they are registered. Besides that it is downright
foolish for them to give up their trust reputation. Look at what
happened to DigiNotar.
The point of self-signed is that _your Squid_ is the root CA signer.
The ssl-bump feature in current Squid makes parameter cert= take the
self-signed CA certificate in PEM format. Squid generates the rest of
the certificte chain as necessary.
>
> On Sun, Oct 5, 2014 at 8:52 AM, Eliezer Croitoru wrote:
>
> On 10/05/2014 01:22 PM, Amos Jeffries wrote:
>>>> MSIE 11 seems to be growing in popularity for some reason
>>>> ;-)
>>>>
>>>> Amos
>
> And Still there is:
> http://bugs.squid-cache.org/show_bug.cgi?id=4115
>
> For now I am using ssl_crtd of 3.4.5 for google ssl bump to work.
>
> Eliezer
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUMkdGAAoJELJo5wb/XPRjygMH/Rk0EYwCgluL1YCWNa8cTZHN
RkPNY1fTbe7U0ioB7J69KTJ07XH8sy0w9bChB5s/siodi3WD8ogZ3VdtEYxcqjf1
9yhb771Il3IiVaAiuF62FHWTEHjwHwTcBVR7/cDxigPW2VuSyyhZsdA8ayl1ZUXO
jW44IH5g0Sja7KVJAfS67AANG4Sp4vMh1rGdXpbP8Bq8QGposL3viGh51z3k6/OP
Dok8oVIsIluICLc8sLAKJbJwaBYSh0SLBrnNUv0Yl6+MtAFNfViXJGa3OfRG5ucQ
aTS9Be4vzJthVdV1+tTtqubCvjrYB7PqQcfL9VzA4UlvQovgPDAnVMO074Kyjug=
=k3K8
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list