[squid-users] How to configure https_port ssl-bump ?
赵 俊
jun357572957zhao at hotmail.com
Tue Nov 21 01:31:19 UTC 2017
Hello,I configured https_port in squid.conf . However when I access https websites using Firefox,it shows "Your connection is not secure" .
The error like this:
www.amazon.com<http://www.amazon.com> used an invalid security certificate.
This certificate is valid for 23.13.186.212 only.
Error code: SSL_ERROR_BAD_CERT_DOMAIN
My CA produced by openssl is a Self-signed certificate.
Here is my squid.conf:
https_port 192.168.51.200:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump bump all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171121/be17f28b/attachment.html>
More information about the squid-users
mailing list