Hi,
I am testing Dynamic SSL Certificate Generation:
http://wiki.squid-cache.org/Features/DynamicSslCert
My clients are mostly Microsoft Windows Active Directory domain
members. I can push self-signed root ca certificate to clients by means
of group policy in order for browsers not to warn about
On 1/11/2013 5:11 p.m., Lennert Rienau wrote:
Hi,
i want squid to create dynamic ssl certificates in intercept mode, which works,
but squid uses ip-addresses for the certificates of the site, not the host name.
Does anybody know why this happens?
Because you use client-first bumping on
Because you use client-first bumping on intercepted traffic.
The only details Squid has at that point are the IP address and port the
clients ws connecting to.
You need server-first bumping to contact the server and find out what
domain(s) its certificate indicate.
Thank you for your
On 11/01/2013 08:34 AM, Lennert Rienau wrote:
Because you use client-first bumping on intercepted traffic.
The only details Squid has at that point are the IP address and port the
clients ws connecting to.
You need server-first bumping to contact the server and find out what
domain(s) its
Hi,
i want squid to create dynamic ssl certificates in intercept mode, which works,
but squid uses ip-addresses for the certificates of the site, not the host name.
Does anybody know why this happens?
squid.conf:
cache_effective_user squid
cache_effective_group
Hi,
I have successfully installed squid 3.3 compiled with ssl support
Interception SSL traffic is working fine with browsers loaded with my
self created .DER file.
But without it , I keep getting browser warningings , chrome doesn't
work at all with gmail in this case.
My SSL settings are :
On Mar 14, 2013, at 7:22 AM, Hasanen AL-Bana hasa...@gmail.com wrote:
Hi,
I have successfully installed squid 3.3 compiled with ssl support
Interception SSL traffic is working fine with browsers loaded with my
self created .DER file.
But without it , I keep getting browser warningings ,
On Mar 14, 2013, at 9:23 AM, Hasanen AL-Bana hasa...@gmail.com wrote:
I thought Squid can fetch the original certificate for a website and pass it
to the browser instead of the one created by me,
Isn't that how dynamic ssl generation should work ?
No, there are two parts for the asymmetric
Thank you Guy for your clarification,
So you are saying that the only way to achieve squid https
interception is to force users to upload our squid certificate to
their browser, or they will have to deal with the browser warnings
On Thu, Mar 14, 2013 at 5:29 PM, Guy Helmer
2013 18:54
À : Guy Helmer
Cc : squid-users@squid-cache.org
Objet : Re: [squid-users] Dynamic SSL
Thank you Guy for your clarification,
So you are saying that the only way to achieve squid https interception is to
force users to upload our squid certificate to their browser, or they will have
I am trying to get SSL bumping to work on my CentOS system.
I am using these options in my squid.conf
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
sslcrtd_program /usr/lib/squid/ssl_crtd -s
On 25/11/2012 6:57 a.m., Aleksandr Tatarinov wrote:
I am trying to get SSL bumping to work on my CentOS system.
I am using these options in my squid.conf
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
Hey All,
I am trying to use the dynamic SSL certificate generation in 3.3. My
squid setup is an interception proxy setup. So dynamic generation in
interception is only possible after bump-server first available in
3.3.
I have added the Root CA certificate(generated by myself) to the
browser. The
On Apr 26, 2012, at 1:12 AM, Ahmed Talha Khan wrote:
Hey All,
I am trying to use the dynamic SSL certificate generation in 3.3. My
squid setup is an interception proxy setup. So dynamic generation in
interception is only possible after bump-server first available in
3.3.
I have added
I try to use sslbump and Dynamic SSL Certificate Generation with squid 3.2
(latest from bzr) but get the following error:
g++ -DHAVE_CONFIG_H -I../.. -I../../include -I../../lib -I../../src -I../../include
-Wall -Wpointer-arith -Wwrite-strings -Wcomments -Werror -pipe -D_REENTRANT
-g
Hi.
I'm using squid ssl interception in transparent proxy mode. But, of
course I have problem with invalid common name in any ssl transaction. I
found this: ...We believe it is technically possible to implement
dynamic certificate generation for transparent connections. Doing so
requires
I was able to get it working in 3.1.12.1 as well.
-Original Message-
From: Will Metcalf [mailto:william.metc...@gmail.com]
Sent: Tuesday, May 03, 2011 7:51 PM
To: Amos Jeffries
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] dynamic SSL cert generation
This daily build worked
http://wiki.squid-cache.org/Features/DynamicSslCert
Which version of squid actually has this code in it? I have tried
squid-3.1.12 and squid-3.2.0.7 (I was not able to get 3.2 to compile
cleanly)
Squid-3.1.12 does not accept these parameters
generate-host-certificates=on
On Tue, 3 May 2011 12:13:14 -0700, Mark Bassett wrote:
http://wiki.squid-cache.org/Features/DynamicSslCert
Which version of squid actually has this code in it? I have tried
squid-3.1.12 and squid-3.2.0.7 (I was not able to get 3.2 to compile
cleanly)
Squid-3.1.12 does not accept these
This daily build worked for me..
wget http://www.squid-cache.org/Versions/v3/3.HEAD/squid-3.HEAD-20110429.tar.gz
Regards,
Will
On Tue, May 3, 2011 at 5:55 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On Tue, 3 May 2011 12:13:14 -0700, Mark Bassett wrote:
20 matches
Mail list logo