Hi all,

 I have some problems with my squid config when I use certificates generated 
with my internal CA. First, my ssl-bump config:

acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/acls/domains.nobump"
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

 With this config, all works as expected (I need to add some domains to 
domains.nobump, but gmail or google works without problems) only when I use a 
self-signed certificate in squid generated using the following commands:

openssl genrsa -out server.key 4096
openssl req -new -key server.key -x509 -days 365 -out server.crt

 But when I sign squid's request certificate with my internal CA (based on 
OpenBSD's LibreSSL), nothing works: gmail fails, google fails, startpage fails, 
etc ... My internal CA is configured to use elliptic cryptographic curves 
(secp384r1 for CA and prime256v1 for host's certificates).

 Maybe this is the problem? Why does everything work OK when I use a self-signed 
certificate, but not when I sign squid's certificate with my internal CA?

Thanks.

-- 
Greetings,
C. L. Martinez
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
