[squid-users] Buy Certificates for Squid 'man in the middle'

Amos Jeffries squid3 at treenet.co.nz
Thu Feb 2 09:37:48 UTC 2017


On 2/02/2017 9:49 p.m., Odhiambo Washington wrote:
> So we can't even use the free certs from letsencrypt with Squid??
> 

Not for MITM / SSL-Bump, no.

The very first clause of the purchase contract for the LetsEncrypt CA is:

"
By requesting, accepting, or using a Let’s Encrypt Certificate:

* You warrant to ISRG and the public-at-large that You are the
legitimate registrant of the Internet domain name that is, or is going
to be, the subject of Your Certificate, or that You are the duly
authorized agent of such registrant.
"

Meaning they can be used for explicit TLS-proxy or CDN reverse-proxy only.

If you have just used LetsEncrypt certs because of the hype about being
cheap, easy and everyone else is saying it's good, I think it well worth
your time going to their site and reading that contract to which you
have bound your network.

For networks outside North America there are some legal implications
about signing judicial authority and your users' method of legal redress
over to the USA government.

Amos


