[squid-users] Distribute root certificate to clients
Yuri
yvoinov at gmail.com
Mon Mar 12 13:49:37 UTC 2018
I guess, there is no easy solution for this job.
The more difficult tasks is also mobile clients.
In my case, I use just a bit simple JS-trick solution found on
serverfault once upon a time.
It is point-and-click based, but not works for each and every browser.
Just for Chrome-based/Firefox and MS Edge (with some difficults).
Also, don't forget about such thing like JRE. Sometimes it also requires
to install cache root CA.
And, such thing as Thunderbird - it does not share certificate store
with FF.
12.03.2018 15:40, Nicolas Kovacs пишет:
> Hi,
>
> I have a few prospective clients who want/need to log and monitor all
> their web traffic and asked me to find a viable solution for this.
>
> After a couple of weeks of fiddling, I decided to opt for the
> Squid+SquidAnalyzer setup, which works quite well. I have a sandbox
> installation here in my office that already works quite satisfyingly.
>
> While working out the solution (thanks again to you guys, you know who
> you are), I took some extensive notes on my technical blog:
>
> * https://blog.microlinux.fr/squid-centos/
>
> * https://blog.microlinux.fr/squid-https-centos/
>
> * https://blog.microlinux.fr/squidanalyzer-centos/
>
> * https://blog.microlinux.fr/squid-exceptions/
>
> I have yet one problem to tackle, and I already have a solution in mind.
> Though I thought I'd rather ask here first, since this is a bit new to
> me, and you guys have much more experience.
>
> Most of my clients are small businesses with up to a few dozen client
> PCs, and also wireless access.
>
> The problem I'm currently facing is: how to provide an easy installation
> of Squid's root certificate? During my tests, I wrote some short
> instructions for my Linux clients with Firefox, Chrome and Konqueror:
>
> https://blog.microlinux.fr/squid-https-centos/#navigateurs
>
> Here's what I intend to do. Configure a local web page
> http://proxy.company.lan where clients can download the certificate file
> proxy.company.lan.der. This page also contains quick & dirty
> instructions on how to install the certificate on the most popular
> browsers/platforms (Chrome, Firefox, Safari, Internet Explorer).
>
> Each company will also have a printed document, explaining how to access
> the Internet. Something like this:
>
> 1. Open http://proxy.company.lan in your browser.
>
> 2. Download the proxy.company.lan.der certificate file.
>
> 3. Follow instructions to import this file into your browser.
>
> 4. Browse the web normally.
>
> Before doing that, I thought I'd inquire how you guys go about that. As
> a long-time Slackware user I've always been a fan of the KISS principle
> (Keep It Simple Stupid), so I try to have a no-nonsense approach.
>
> Any suggestions?
>
> Cheers from the sunny South of France,
>
> Niki
>
--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180312/e23af4f6/attachment.sig>
More information about the squid-users
mailing list