[squid-users] Sending intermediate certificate with SSL-Bumped Certificate. (V3.5.1516-3-2-r14000)

The_Spider spider at smoothnet.org
Sat Apr 9 05:56:04 UTC 2016


I can confirm that this configuration works as requested with the
configuration Jok Thuau had posted with the latest version 3.5.16.

Thank you so much for the response and the assistance.

On Thu, Apr 7, 2016 at 1:15 PM, Jok Thuau <jok at spikes.com> wrote:
> with 3.5.15, I have this config:
>
> ---8<---
> https_port 8443 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=64MB \
>     cert=/etc/squid/ssl/proxy.pem \
>     key=/etc/squid/ssl/proxy.key \
>     cafile=/etc/squid/ssl/proxy.pem
> --->8---
>
> proxy.pem is the concatenation of both the CA cert (intermediate) followed
> by the root cert (my offline CA). Best i can tell, all of it is sent back to
> the client (generated cert, intermediate and root CA).
>
> HTH
> Jok
>
>
>
>
> On Thu, Apr 7, 2016 at 10:59 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>
>> On 7/04/2016 5:25 a.m., Nicolaas Hyatt wrote:
>> > Amos,
>> > Thanks for your quick response and your time. I have not yet messed with
>> > 4.0. Is this something that may find its way into the 3.x stable branch
>> > at some point?
>> >
>>
>> Maybe. I am reliant on the guys doing OpenSSL code (aka. Christos) to
>> test the backporting though. So it will depend on whether he thinks its
>> important enough.
>>
>> I'm hopeful, but no guarantees.
>>
>> Amos
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


More information about the squid-users mailing list