[squid-users] Https_port with "official" certificate

Wed Aug 24 12:32:52 UTC 2016

On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:

> 24.08.2016 18:23, Antony Stone пишет:
> > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> >> No one CA do not issue signing CA for subject, which is not CA itself.
> >> 
> >> So, op wants impossible thing.
> > 
> > Why would one need a signING certificate just to create an SSL connection
> > between the browser and Squid?
> > 
> > Surely one merely needs a valid signED certificate, same as you would
> > put on a web server to set up secure connections to it?
> > 
> > OP is not intercepting secure traffic, nor making HTTP sites look to
> > the browser like HTTPS ones.
> 
> Then I do not understand what he wants op.

He wants to configure his browser to connect to the proxy over an SSL 
connection, and then inside this secure connection send standard HTTP and 
HTTPS requests, just as a browser would do over an unsecured connection to the 
proxy on Squid's standard port 3128.

It's nothing to do with whether either the client or the destination server 
believe the web content itself to be secured with SSL/TLS.

See "Encrypted browser-Squid connection" at the bottom of
http://wiki.squid-cache.org/Features/HTTPS

Antony.

-- 
Archaeologists have found a previously-unknown dinosaur which seems to have 
had a very large vocabulary.  They've named it Thesaurus.

                                                   Please reply to the list;
                                                         please *don't* CC me.