From the squid.conf.documented: # SSL Bump Mode Options: # In addition to these options ssl-bump requires TLS/SSL options. # # generate-host-certificates[=<on|off>] # Dynamically create SSL server certificates for the # destination hosts of bumped CONNECT requests.When # enabled, the cert and key options are used to sign # generated certificates. Otherwise generated # certificate will be selfsigned. # If there is a CA certificate lifetime of the generated # certificate equals lifetime of the CA certificate. If # generated certificate is selfsigned lifetime is three # years. # This option is enabled by default when ssl-bump is used. # See the ssl-bump option above for more information.
I did not find this to be the case and had to add it to my https_ports line: https_port bleh:3129 intercept generate-host-certificates=on ssl-bump cert=/opt/sslsplit/sslsplit.crt key=/opt/sslsplit/sslsplitca.key options=ALL Thank you. James
signature.asc
Description: This is a digitally signed message part
