On 26/01/19 5:51 am, Bill Bernsen wrote: > Hi, > > I have squid running as an explicit forward proxy on the > host example.com <http://example.com/> controlling access to all hosts > in *.example.com <http://example.com/>. All the hosts in *.example.com > <http://example.com/> have self-signed certificates that I want to > appear as trusted to user browsers. I don't have the option of obtaining > a trusted CA. I do, however, have a trusted wildcard certificate for > *.example.com <http://example.com/> available. Is there a way that I can > tell squid to present this static wildcard certificate to clients in > lieu of all upstream server certificates?
As a forward proxy clients are *not* connecting to any of the *.example.com domains. They are connecting to your proxy hostname - and telling it to take care of the origin connections. So all clients need is trust for the CA which signed the proxy's certificate. The proxy is the only agent in the path which needs to trust the wildcard *.example.com certificate. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
