Hi.

This question is not directly related to yesterday's one.

I decided to intercept the HTTPS traffic on my production squids from
proxy-unaware clients to be able to tell them there's a proxy and they
should configure one.
So I'm doing it like this (the process of forwarding using FreeBSD pf is
not shown here):

===Cut===
acl unauthorized proxy_auth stringthatwillnevermatch
acl step1 at_step sslBump1

https_port 127.0.0.1:3131 intercept ssl-bump cert=/usr/local/etc/squid/certs/squid.cert.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB dhparams=/usr/local/etc/squid/certs/dhparam.pem
https_port [::1]:3131 intercept ssl-bump cert=/usr/local/etc/squid/certs/squid.cert.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB dhparams=/usr/local/etc/squid/certs/dhparam.pem

ssl_bump peek step1
ssl_bump bump unauthorized
ssl_bump splice all
===Cut===

Almost everything works, except that squid for some reason is generating
certificates in this case for IP addresses, not names, so the browser
shows a warning about the certificate being valid only for the IP, and not
the name.

Am I doing something wrong?

Thanks.
Eugene.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
