[squid-users] Is there a way on client to show proxy's certificate?

GeorgeShen g2011828 at hotmail.com
Mon Dec 23 18:55:14 UTC 2019


>> actually doing "openssl s_client -proxy 192.168.1.35:3129 -connect
>> <host:port> -showcerts ",
>> noticed two of the three certs from that display is from the proxy server
>> I
>> think. the first one
>> is the modified host cert. maybe that's the way to get proxy server's
>> certs.
>> 

>You are using SSL-Bump. There is no "proxy cert" in these connections.
>There is only client cert (optional) and server cert (possibly modified
>by Squid, with CA chain).
>
>What you see there is what exists in the traffic.

Sorry, but when I run the above openssl command, I do get three certs, first
one is
the modified server cert, the 2nd and third certs are the squid proxy's
certs. Yes the
proxy is configured to do the SSL-BUMP on port 3129. I would think the proxy
needs to
send it's certs to the client for that part of the TLS connection. Can this
explain I'm receiving
the proxy's cert ?

thanks.
- George




--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list