[squid-users] Safari 9 vs. SSL Bump
Jason Haar
Jason_Haar at trimble.com
Fri Oct 16 00:51:12 UTC 2015
On 16/10/15 13:34, Dan Charlesworth wrote:
> Thanks!
>
> So ignoring the “bumpable” helper check, it’s effectively peeking at step1 and then bumping it like my config’s doing.
>
> I wonder what else could be differentiating it. Is your proxy CA just installed in the Login keychain?
Nope - did it "properly" at the OS level. Get a PEM version of your
squidCA pubkey and as root do
security add-trusted-cert -d -r trustRoot -p ssl -p smime -p IPSec -p
eap -p basic /path/squidCA.pem > /dev/null 2>&1 || true
certtool i "/path/squidCA.pem" k=/System/Library/Keychains/X509Anchors
> /dev/null 2>&1 || true
The "ipsec/smime" stuff is actually not needed - but I don't care ;-) I
went for the carpet bombing approach for the Mac (which I don't know well)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the squid-users
mailing list