Hello Hardik and all,

Try adding .mzstatic.com to your exclusion from SSL bump as indicated on
https://docs.diladele.com/faq/squid/sslbump_exlusions/apple_app_store.html
Please note you need to adapt it to regex as we use it in ssl::server_name 
directive.

Best regards,
Rafael Akchurin
Diladele B.V.
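
Added example (not part of the original e-mail, and not Diladele's or Squid's code): a small Python check that adapts a dstdomain-style entry such as .mzstatic.com to a regex for ssl::server_name_regex and reports whether a given SNI would be spliced or bumped under the rules quoted below. Python's re stands in for Squid's regex engine, the function names are hypothetical, and the sample hostnames are constructed.

```python
import re

# Entries copied from the url.nobump file quoted later in this thread (subset).
NOBUMP = [
    r"update\.microsoft\.com$",
    r"facebook\.com$",
    r"itunes\.apple\.com$",
]

def domain_to_regex(entry):
    """Adapt a dstdomain-style entry (".mzstatic.com") to a regex matching the
    domain and its subdomains only. Hypothetical helper, not a Squid tool."""
    name = entry.lstrip(".").lower()
    return r"(^|\.)" + re.escape(name) + "$"

def compile_list(patterns):
    # "-i" on the acl line means case-insensitive matching.
    return [re.compile(p, re.IGNORECASE) for p in patterns]

def decide(sni, compiled):
    """Assumed outcome once the SNI is known: 'ssl_bump splice NoSSLIntercept'
    applies if any pattern matches, otherwise 'ssl_bump bump all'."""
    return "splice" if any(rx.search(sni) for rx in compiled) else "bump"

def matches_glued_prefix(pattern, host):
    """True if the pattern also matches a different name that merely ends
    with `host`, i.e. it has no label boundary on the left."""
    return re.search(pattern, "x" + host, re.IGNORECASE) is not None

if __name__ == "__main__":
    fixed = NOBUMP + [domain_to_regex(".mzstatic.com")]
    # Constructed sample hostnames, not taken from real traffic.
    for sni in ["cdn.mzstatic.com", "ITUNES.APPLE.COM", "xmzstatic.com"]:
        print(f"{sni:18} before={decide(sni, compile_list(NOBUMP)):6} "
              f"after={decide(sni, compile_list(fixed))}")
    # Which patterns would also exempt look-alike names from inspection?
    pairs = [(r"facebook\.com$", "facebook.com"), (fixed[-1], "mzstatic.com")]
    for pat, host in pairs:
        print(f"{pat:24} also splices x{host}: {matches_glued_prefix(pat, host)}")
```

Entries without a left-hand label boundary exempt more hostnames from bumping than intended, so it is worth running every line of the exclusion file through a check like this before reloading Squid.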

From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Hardik Dangar
Sent: Thursday, February 9, 2017 3:44 PM
To: Eliezer Croitoru <elie...@ngtech.co.il>; Squid Users 
<squid-users@lists.squid-cache.org>
Subject: Re: [squid-users] Transparent Squid issue with Appstore in MacOS Sierra

Hey Eliezer,

Thanks for the quick response. I am actually using the following:

acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

The contents of the url.nobump file are:

update\.microsoft\.com$
update\.microsoft\.com\.akadns\.net$
v10\.vortex\-win\.data\.microsoft\.com$
settings\-win\.data\.microsoft\.com$
# The next are trusted SKYPE addresses
a\.config\.skype\.com$
pipe\.skype\.com$
w[0-9]+\.web\.whatsapp\.com$
tty\.scaleway\.com$
eaadhaar\.uidai\.gov\.in$
facebook\.com$
opera\.com$
itunes\.apple\.com$


Do I need to do anything additional? Or are you suggesting I remove bumping
completely and just use the splice feature only?


On Thu, Feb 9, 2017 at 3:52 PM, Eliezer Croitoru
<elie...@ngtech.co.il> wrote:
Thanks for sharing the details.
But you didn't answer if you tried splice with ssl bump.
Let me know if you have tried it.

Eliezer

----
Eliezer Croitoru<http://ngtech.co.il/lmgtfy/>
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il

From: hardikdan...@gmail.com [mailto:hardikdan...@gmail.com] On Behalf Of
Hardik Dangar
Sent: Wednesday, February 8, 2017 10:17 PM
To: Eliezer Croitoru <elie...@ngtech.co.il>
Cc: Squid Users <squid-users@lists.squid-cache.org>
Subject: Re: [squid-users] Transparent Squid issue with Appstore in MacOS Sierra

I am using the following command.

I am converting the pem file into cer using openssl and then putting that file
into the keychain using this command:
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "$HOME/mycert.cer"

On Wed, Feb 8, 2017 at 9:36 PM, Eliezer Croitoru
<elie...@ngtech.co.il> wrote:
Can you give me\us a link to instructions how you have installed the 
certificate on MAC OS?
I know how to do it on Windows and Linux but not MAC OS.

Also, have you tried using peek and splice? From your email it seems you have
not tried to use these. (If you need instructions I would be happy to share what
I am using for Windows updates and it can be adapted to the App Store.)

Thanks,
Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il


From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org]
On Behalf Of Hardik Dangar
Sent: Tuesday, February 7, 2017 9:06 PM
To: Squid Users <squid-users@lists.squid-cache.org>
Subject: [squid-users] Transparent Squid issue with Appstore in MacOS Sierra

Hello,


Here is some information about my squid version,

Squid Cache: Version 3.5.23
Service Name: squid
configure options:  '--prefix=/usr' '--localstatedir=/var/squid' 
'--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid' 
'--sysconfdir=/etc/squid' '--with-default-user=proxy' 
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' 
'--with-openssl' '--enable-ssl-crtd' '--enable-inline' '--disable-arch-native' 
'--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' 
'--enable-removal-policies=lru,heap' '--enable-delay-pools' 
'--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake' 
'--enable-ecap'


We are running Squid as a transparent proxy and have certs installed on all
systems. Until recently all our systems were Ubuntu or Windows. Recently we
added macOS Sierra, and the biggest issue we had with Mac is that even after
installing certificates, a few apps have problems.

Our biggest problem is the iTunes Store. It just doesn't work for some reason. If
we check the log we get random IPs trying to connect via port 443 but it
doesn't connect.
Also Skype for Mac does not work. Strangely this works for Windows and Ubuntu
in our network. Again we see the same behavior.

Both of these apps do not work even on iPhone and iPad.

I believe someone must be able to configure transparent Squid with Mac. Can
anyone tell me if I need to do anything extra for the Mac setup?


_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
