[squid-users] sslbump and caching of generated cert

Alex Wu alex_wu2012 at hotmail.com
Mon Jun 29 17:35:26 UTC 2015


So far as I know, when sslbump is enabled for a port, for each DNS name, Squid saves a cert generated according to the DNS name and signing key (from the http_port configuration). So the next time, the generated cert can be fetched if the DNS host and configured signing key are the same.
Now I have a question on this:

http_port 10045 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/opt/bg/deploy/squid/etc/mydlp/ssl/key_10045.pem cert=/opt/bg/deploy/squid/etc/mydlp/ssl/cert_10045.pem
http_port 10046 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/opt/bg/deploy/squid/etc/mydlp/ssl/key_10046.pem cert=/opt/bg/deploy/squid/etc/mydlp/ssl/cert_10046.pem
I have two ports configured with SSLBUMP. Each port has its own CA signing key. The desired behavior is that, for the hostname www.foo.com, the certificate generated for the port should use key_10045, and the certificate generated for the port should use key_10046. It seems OK. 
But, if we look at the ssl_db, only the last generated certificate is cached for www.foo.com. Is it possible to cache the generated certificates by the host and signing key?
Alex