Hi I know this question has been asked before but I didn't quite comprehend the answer.
I have got squid working as an explicit SSL proxy using SSLbump with Dynamic SSL certs. I have also managed to get it working as a transparent proxy. When I try the combination of the above 2 it doesn't seem to work. It seems to be rewriting my https requests to http. Also dynamic ssl certs doesn't seem to be working. However squid definitely intercepts the request so it seems like the NAT bit is fine. When I browse a website that's listening on 443 only I get "Zero Sized Reply" and when I browse a website that's listening on both 80/443 it works sometimes but the certificate is wrong. This person seems to have it working http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/ and I am pretty much copying his config. Here is my relevant config --------------------------------------------------------------- http_port 3128 transparent https_port 3129 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl/proxy.pem always_direct allow all ssl_bump allow all # the following two options are unsafe and not always necessary: sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER -------------------------------------------------------------- Thanks Daniel
