[squid-users] Using SSL bump and reverse proxy for DNS sinkhole
thompsonm
thompsonm3301 at protonmail.com
Sat Sep 8 09:00:41 UTC 2018
"1. a web server which will generate an SSL certificate on the fly and then
serve
HTT{S content back to the client using that certificate "
Is there a way to do this? The only way I can find is to use wildcard
certificates. But that's not what I'm trying to do.
"2. a pile of SSL certificates which you generate using your own CA at the
same
time you put the fake entries into DNS. After all, you know what domains
you're putting into your "DNS sinkhole", so just generate an SSL certificate
for each one as you do it, load them onto your web server, and there you go.
"
This is not really feasible because the lists are always being updated. I
could write a script or something but I think it would be better just to
have a web server or proxy create the certificates when the client tries to
connect.
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
More information about the squid-users
mailing list