[squid-users] https quick question
Amos Jeffries
squid3 at treenet.co.nz
Thu May 21 13:00:36 UTC 2015
On 22/05/2015 9:09 a.m., snakeeyes wrote:
> Hi ,
>
> I WANT TO ESTABLISH squid https reverse proxy on squid
>
>
>
> Assume I configured and the keys xxxxx.crt & xxxxx.key needed for the
> directive
>
> https_port 443 accl cert=/etc/squid/ssl/xxxx.crt
> key=/etc/squid/ssl/xxxx.key vhost
>
>
>
> the question is being asked now
>
>
>
> do I need to add a certificate in my browser to get it work ?
No.
>
> if so , what key shoud I add ? the .cert file or the .key file ?
If it was signed by a global truted CA then you dont have to do anything
more. Making it work for clients is what you are paying the CA for.
If those keys were signed by a custom CA you can optionally add *that
CA* to the browser trusted set. Or the user could click to add exception
when they get their popup. Some of the browsers now are ignoring
self-signed certs (provided they are valid to the server being
contacted). Or you could add TLSA records to your DNS for the domain.
Amos
More information about the squid-users
mailing list