[squid-users] Enable SSL bump
Amos Jeffries
squid3 at treenet.co.nz
Mon Jan 23 22:39:16 UTC 2017
On 24/01/2017 11:27 a.m., Mustafa Mohammad wrote:
> I'm trying to enable ssl bump but it says that
> FATAL: No valid signing SSL certificate configured for HTTP_port [::]:the
> port I'm listening on. I did a lot of research and I couldn't find the
> answer. Any help would be deeply appreciated.
>
SSL-Bump feature requires the TLS/SSL options which are normally only
mandatory on https_port.
Specifically the cert= option needs to be pointing Squid at a CA cert
with privileges to sign the auto-generated certs SSL-Bump creates.
NP: a normal server cert such as one receives from the global root CAs
is not sufficient.
Also, please ensure you are using the latest versions of Squid with this
feature (today that is 3.5.23 or later, the 4.0 beta if possible).
SSL-Bump has gone through a lot of change and older implementations have
some quite nasty limitations and side effects.
Amos
More information about the squid-users
mailing list