[squid-users] What's the best way to ban Let's encrypt based certificates? or whitelist a very narrow list of Root and Intermediates CA?
Eliezer Croitoru
eliezer at ngtech.co.il
Sun Jan 20 22:02:55 UTC 2019
OK so from the real world:
What's the best way to ban Let's encrypt based certificates? or whitelist a
very narrow list of Root and Intermediates CA?
I have a setup which one of the requirements is to restrict access to sites
which depends on Let's encrypt generated certificates.
The issue is that these sites are encrypted but do not offer any way of
assuring real ISO and couple other compatibilities of the ORG.
For a simple home user it's fine most of the time but for some it's not.
The most simple way is to block the specific domain but I need to know if
the site certificate is from Let's encrypt.
I was thinking about an external ACL helper that might check it for squid if
squid or openssl doesn't have currently an option to implement it.
Thanks,
Eliezer
----
Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190121/fc4cc0ee/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 11308 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190121/fc4cc0ee/attachment.png>
More information about the squid-users
mailing list