[squid-users] 4.9 https issue...unable import certificate in browser

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Dec 10 12:26:34 UTC 2019


On 10.12.19 06:14, aw_wolfe wrote:
>Ok, thank you. As you can tell, I'm kinda fumbling my way through setting
>this up.
>
>Re-creating the certification with the openssl command only fixed the issue.
>Firefox accepted the certification.
>
>I think that I would rather not have to do the install certificate on all
>the browsers. So if I can configure the stare option, that would be my
>preferred solution.
>
>A bit of searching around however, didn't turn up much and I'm a little
>confused by the different "steps" commands.

so am I...

>If you don't mind I'd appreciate a simple 1 or 2 line example or point me in
>the right direction

and I also plan to log based on SSL client hello (SNI option).

>Right now my squid.conf (not including the groups and whitelist part):
>
>http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
>generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>key=/etc/squid/ssl_cert/ca-key.pem
>
>sslcrtd_program /usr/sbin/squid/libexec/security_file_certgen -s
>/var/lib/ssl_db -M 4MB
>sslcrtd_children 5
>ssl_bump server-first all
>sslproxy_cert_error allow all

if you only want to get the requested server name, forget making
certificates at all.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
Silvester Stallone: Father of the RISC concept.
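
Added example, not part of the original message or of the Squid project's documentation: a peek-and-splice squid.conf that logs the requested server name (SNI) without decrypting traffic, shown next to the quoted bump-everything configuration. The log path and the logformat name "sni" are assumptions; the certificate paths are the ones quoted above.

```conf
# --- Quoted configuration (decrypts everything, ignores upstream cert errors) ---
# ssl_bump server-first all
# sslproxy_cert_error allow all
#
# --- Splice-only alternative (added example) ---
# The port keeps ssl-bump so Squid can read the TLS ClientHello. The cert= and
# key= values are kept from the quoted config; because nothing below ever bumps,
# no generated certificate is presented to clients and no CA has to be
# imported into browsers.
http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem key=/etc/squid/ssl_cert/ca-key.pem

# Step 1: the client's ClientHello has arrived; peek at it to learn the SNI.
acl step1 at_step SslBump1
ssl_bump peek step1

# Every later step: pass the TLS stream through untouched. The browser
# validates the origin server's real certificate itself, so
# sslproxy_cert_error has no role here and is dropped.
ssl_bump splice all

# Log the SNI and the bump decision next to the usual fields.
# %ssl::>sni       server name from the client's TLS hello
# %ssl::bump_mode  action Squid applied (peek, splice, ...)
logformat sni %ts.%03tu %>a %ssl::>sni %ssl::bump_mode %Ss/%03>Hs %rm %ru
access_log daemon:/var/log/squid/access.log sni   # assumed log path
```

Run `squid -k parse` after editing to confirm the directives are accepted by the installed build before reloading.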