[squid-users] Squid 3.5.17 SSL-Bump Step1

admin admin at tisiz72.ru
Mon May 16 05:48:24 UTC 2016


Hi!

Squid 3.5.17 with SSL, intercept.

I use only step1 of SSL-Bump, which gets the SNI, and terminate HTTPS sites by 
domain name. The certificate is not replaced!

acl blocked_https ssl::server_name  "/etc/squid/urls/block-url"
https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate blocked_https

It works.

But if I use

acl users_no_inet src "/etc/squid/ip-groups/no-inet"
http_access deny users_no_inet

I see NET::ERR_CERT_AUTHORITY_INVALID in the browser. I imported my Squid 
cert, but then I see NET::ERR_CERT_COMMON_NAME_INVALID.

Why, in this case, is Squid trying to replace the certificate?


