On 10.12.19 06:14, aw_wolfe wrote:
Ok, thank you. As you can tell, I'm kinda fumbling my way through setting
this up.
Re-creating the certification with the openssl command only fixed the issue.
Firefox accepted the certification.
I think that I would rather not have to do the install certificate on all
the browsers. So if I can configure the stare option, that would be my
preferred solution.
A bit of searching around however, didn't turn up much and I'm a little
confused by the different "steps" commands.
so am I...
If you don't mind I'd appreciate a simple 1 or 2 line example or point me in
the right direction
and I also plan to log based on SSL client helo (SNI option).
Right now my squid.conf (not including the groups and whitelist part):
http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
key=/etc/squid/ssl_cert/ca-key.pem
sslcrtd_program /usr/sbin/squid/libexec/security_file_certgen -s
/var/lib/ssl_db -M 4MB
sslcrtd_children 5
ssl_bump server-first all
sslproxy_cert_error allow all
if you only want to get the requested server name, forget making
certificates at all.
--
Matus UHLAR - fantomas, [email protected] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
