[squid-users] Using CA signed certificate for SSL bump
Alex Crow
alex at nanogherkin.com
Wed Sep 5 11:05:17 UTC 2018
You can set up your own internal CA. You then have the CA key (so can
generate certificates for any domain) and install the CA public
certificate on all client machines.
That CA can be anything from a local CA on the squid box, using a
central VM with something like XCA installed, all the way to an
enterprise HSM.
But you must have the CA key. There is no way a commercial CA would give
you a universal signing key.
Alex
On 05/09/18 08:02, Arshad Ansari wrote:
>
> Hi All,
>
> I have setup squid 4.2 for forward proxy and caching. It is working
> fine when I am using self-signed certificate for SSL bump.
>
> However, our security requirement is to use only CA signed certificate
> and not self-signed certificate.
>
> I have tried various options like using Https and intercept but
> nothing seems to be working.
>
> My question is does SSL work with CA signed certificate?
>
> Regards,
> Arshad
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180905/ba5bddae/attachment.html>
More information about the squid-users
mailing list