[squid-users] Trusted CA Certificate with ssl_bump

Alex Crow acrow at integrafin.co.uk
Tue Nov 15 14:41:34 UTC 2016


On 15/11/16 14:22, Sergio Belkin wrote:
> Hi,
>
> When using something like that:
>
> http_port 8080 intercept ssl-bump generate-host-certificates=on 
> dynamic_cert_mem_cache_size=4MB 
> cert=/home/proxy/ssl_cert/example.com.cert 
> key=/home/proxy/ssl_cert/example.com.private
>
>
> Is possible to use a certificate generated by a trusted CA?
>
>
> Thanks in advance!
> -- 
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org

If you mean a normal commercial CA, then no, because you would need the 
CA's signing key, which I very much doubt they would give you, and your 
cert would need to have signing capability, which it won't.

Cheers

Alex


--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.

"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161115/65f89dcc/attachment.html>


More information about the squid-users mailing list