[squid-users] Using subordinate CA for SSL Bump

Yuri Voinov yvoinov at gmail.com
Mon Dec 14 21:26:42 UTC 2015


Hi all.

Can anybody tell me: is it possible to use a subordinate secondary
CA in squid for SSL bumping purposes?

I.e., we have a self-signed primary CA to issue the subordinate CA,

the subordinate CA we install in squid's setup,

the primary CA certificate we install on clients.

For example.

For mimicking we'll use the subordinate CA, and, in case of subordinate
key forgery, we can use the primary CA to revoke the subordinate CA and
re-issue it without totally replacing the primary CA on clients.

This will seriously increase the security of the bumping procedure, hm?

I've tried this scheme with 3.5.11, but without success.

WBR, Yuri


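The two-tier layout described in the message above, as an added example that is not part of the original post and is not Squid's own code. It builds the primary CA, the subordinate CA and one leaf with the openssl CLI, then checks what a client that trusts only the primary CA accepts. All file names, subject names and lifetimes are constructed for illustration.

```sh
# Added example: primary CA -> subordinate CA -> leaf, built with the openssl CLI.
# File names, subjects and lifetimes are constructed, not taken from the post.
build_chain() {  # usage: build_chain <working directory>
  d=$1; cnf=$d/pki.cnf
  mkdir -p "$d" || return 1
  cat > "$cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = overridden-by-subj
[root_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[sub_ca]
# pathlen:0 = may sign leaf certificates, may not create further CAs
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
EOF
  # Primary CA: self-signed; only its certificate goes to clients.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$cnf" \
    -extensions root_ca -subj "/CN=Example Primary CA" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
  # Subordinate CA: key pair lives on the proxy, certificate signed by the primary CA.
  openssl req -new -newkey rsa:2048 -nodes -config "$cnf" -subj "/CN=Example Bump Sub CA" \
    -keyout "$d/sub.key" -out "$d/sub.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
    -days 365 -extfile "$cnf" -extensions sub_ca -out "$d/sub.crt" 2>/dev/null || return 1
  # Leaf signed by the subordinate CA, standing in for a per-site generated certificate.
  openssl req -new -newkey rsa:2048 -nodes -config "$cnf" -subj "/CN=www.example.test" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/sub.crt" -CAkey "$d/sub.key" -CAcreateserial \
    -days 30 -extfile "$cnf" -extensions leaf -out "$d/leaf.crt" 2>/dev/null
}
# Client view: trusts only root.crt; "with-sub" supplies the subordinate beside the leaf.
client_accepts() {  # usage: client_accepts <dir> with-sub|leaf-only
  if [ "$2" = with-sub ]; then
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/sub.crt" "$1/leaf.crt" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.crt" "$1/leaf.crt" >/dev/null 2>&1
  fi
}
```

After build_chain on a scratch directory, client_accepts succeeds with with-sub and fails with leaf-only: a client holding only the primary CA can build the path only when the subordinate certificate is presented together with the leaf.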

