Hello all, Since ssl_bump can generate self signed certificates on the fly, I wonder if this setup is possible, or even just in theory: clients with necessary root CA installed connect to a local Squid. With ssl_bump and self signed certs, it always talks with the clients over HTTPS, making clients believe their connections are secure; the local Squid then forwards the connections to a parent Squid server, which however, will only send data back in plain HTTP, i.e. in clear text, akin to a reverse proxy with ssl termination to its proxied site.
my goals are to cache data/modify requests even when connecting to https only sites, while avoiding using self signed certs to encrypt connections over the Internet, because this way, I can chain an https proxy with trusted certs in between.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
