[squid-users] Using CA signed certificate for SSL bump

Flashdown flashdown at data-core.org
Wed Sep 5 10:02:36 UTC 2018


Hey,

How should that work? That would require a CA to sign your self-signed CA to be able to issue valid public certs for all websites. If that would be possible, then the whole concept of SSL security would be worth nothing. You can't create valid certificates for such websites. You can only issue certs that are valid in your organisation only. Therefore the self-signed CA needs to be trusted by your clients by adding it to the trusted root authorities. There is no other way. Wait, there is: do not try to intercept SSL-secured connections. So you can't look into the traffic, as it is supposed to be. Or break it and live with the needs required for this. If you have no valid reason to intercept such traffic, then just don't do it.

On 5 September 2018 09:02:45 CEST, Arshad Ansari <arshadansari at live.in> wrote:
>Hi All,
>
>I have set up squid 4.2 for forward proxy and caching. It is working
>fine when I am using self-signed certificate for SSL bump.
>
>However, our security requirement is to use only CA signed certificate
>and not self-signed certificate.
>
>I have tried various options like using Https and intercept but nothing
>seems to be working.
>
>My question is does SSL work with CA signed certificate?
>
>Regards,
>Arshad
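
The point made in the reply above, as an added example that is not part of the original thread: a certificate minted by a locally created CA validates only for clients that have that CA installed, and an ordinary CA-signed server certificate cannot be used to mint certificates for other sites because it is not a CA. All names, hostnames and keys are constructed; `publicca` is a stand-in for a public root, and the script assumes the OpenSSL 1.1.0 or later command-line tool.

```shell
#!/usr/bin/env bash
# Added illustration: every name and key here is constructed and thrown away.
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
cat > "$W/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF

# root <name> <CN>: self-signed certificate that is allowed to sign others
root() {
  openssl req -x509 -config "$W/x.cnf" -extensions v3_root -newkey rsa:2048 \
    -nodes -days 1 -subj "/CN=$2" -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
# issue <name> <CN> <signer>: end-entity certificate (CA:FALSE) signed by <signer>
issue() {
  openssl req -new -config "$W/x.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$3.pem" -CAkey "$W/$3.key" \
    -CAcreateserial -days 1 -extfile "$W/x.cnf" -extensions v3_leaf \
    -out "$W/$1.pem" 2>/dev/null
}
# trusts <root> <cert> [intermediate]: would a client trusting only <root> accept <cert>?
trusts() {
  openssl verify -CAfile "$W/$1.pem" ${3:+-untrusted "$W/$3.pem"} \
    "$W/$2.pem" 2>/dev/null | grep -q ': OK'
}

root  bumpca   "Org Bump CA (constructed)"          # self-signed CA the proxy signs with
root  publicca "Stand-in Public Root (constructed)" # plays the role of a public CA
issue minted1  "www.example.test"   bumpca          # per-site cert minted by the proxy
issue proxy    "proxy.example.test" publicca        # ordinary CA-signed server cert
issue minted2  "www.example.test"   proxy           # minting with that server cert

trusts bumpca   minted1       && echo "client with bump CA installed: accepted"
trusts publicca minted1       || echo "client without bump CA: rejected"
trusts publicca minted2 proxy || echo "minted by CA-signed leaf: rejected (not a CA)"
```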