[squid-users] Https_port with "official" certificate
Antony Stone
Antony.Stone at squid.open.source.it
Wed Aug 24 12:32:52 UTC 2016
On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote:
> 24.08.2016 18:23, Antony Stone пишет:
> > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote:
> >> No one CA do not issue signing CA for subject, which is not CA itself.
> >>
> >> So, op wants impossible thing.
> >
> > Why would one need a signING certificate just to create an SSL connection
> > between the browser and Squid?
> >
> > Surely one merely needs a valid signED certificate, same as you would
> > put on a web server to set up secure connections to it?
> >
> > OP is not intercepting secure traffic, nor making HTTP sites look to
> > the browser like HTTPS ones.
>
> Then I do not understand what he wants op.
He wants to configure his browser to connect to the proxy over an SSL
connection, and then inside this secure connection send standard HTTP and
HTTPS requests, just as a browser would do over an unsecured connection to the
proxy on Squid's standard port 3128.
It's nothing to do with whether either the client or the destination server
believe the web content itself to be secured with SSL/TLS.
See "Encrypted browser-Squid connection" at the bottom of
http://wiki.squid-cache.org/Features/HTTPS
Antony.
--
Archaeologists have found a previously-unknown dinosaur which seems to have
had a very large vocabulary. They've named it Thesaurus.
Please reply to the list;
please *don't* CC me.
More information about the squid-users
mailing list