[squid-users] Squid 3.5.17 SSL-Bump Step1
admin
admin at tisiz72.ru
Mon May 16 05:48:24 UTC 2016
Hi!
Squid 3.5.17 with SSL, intercept.
I use SSL-Bump only step1 that get SNI and terminate HTTPS sites by
domain name. The certificate's is not replaced !
acl blocked_https ssl::server_name "/etc/squid/urls/block-url"
https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2
connection-auth=off cert=/etc/squid/squidCA.pem
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate blocked_https
It works.
But if I use
acl users_no_inet src "/etc/squid/ip-groups/no-inet"
http_access deny users_no_inet
I see NET::ERR_CERT_AUTHORITY_INVALID in browser. I import my squid
cert, but I see NET::ERR_CERT_COMMON_NAME_INVALID
Why in this case, the squid trying to replace the certificate?
More information about the squid-users
mailing list