[squid-users] Using CA signed certificate for SSL bump

Antony Stone Antony.Stone at squid.open.source.it
Wed Sep 5 08:29:55 UTC 2018


On Wednesday 05 September 2018 at 09:02:45, Arshad Ansari wrote:

> Hi All,
> 
> I have setup squid 4.2 for forward proxy and caching. It is working fine
> when I am using self-signed certificate for SSL bump.

Good.  Well done.

> However, our security requirement is to use only CA signed certificate and
> not self-signed certificate.

That won't work.

> I have tried various options like using Https and intercept but nothing
> seems to be working.

Indeed.

> My question is does SSL work with CA signed certificate?

SSL?  Yes.

SSL Bump / interception, no - because if it did, you'd have a globally-trusted 
certificate which you could use to fake any website on the Internet.

Security?  The CA who gave you that certificate would disappear.


Antony.

-- 
Tinned food was developed for the British Navy in 1813.

The tin opener was not invented until 1858.

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list