Hi,
i want squid to create dynamic ssl certificates in intercept mode, which works,
but squid uses ip-addresses for the certificates of the site, not the host name.
Does anybody know why this happens?
squid.conf:
cache_effective_user squid
cache_effective_group squid
#acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.42.0/24
acl blocknet src 192.168.42.10-192.168.42.50
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
ssl_bump client-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
always_direct allow all
http_access allow all
http_port 192.168.42.1:3128 intercept
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/ssl_db -M 4MB
sslcrtd_children 5
https_port 192.168.42.1:3127 transparent ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
Thank you!