Wed 2008-07-30 at 23:32 -0700, Serge Egelman wrote:

> I'm trying to set up squid to forward SSL connections. I previously had
> it set up just as a logging proxy for conducting laboratory usability
> studies (we would configure the browsers on our lab machines to use the
> proxy, then I could check the logs afterwards to see where people were
> going). So I know it works for a minimal configuration. I'm working on
> a study now where I need to inject a self signed certificate into an SSL
> session (I'm looking at warning messages), but can't seem to get squid
> configured correctly (the idea is that we'll have the lab machines
> configured to use the proxy again).

To unwrap SSL and apply your own certificates when running as a proxy you need the sslBump feature making Squid intercept CONNECT requests and terminate the SSL locally. But it's unrelated to Squid opening the port.

As you seem to have the SSL keys encrypted you need to either start Squid interactively using the -N command line option, or tell Squid how to retrieve the SSL key encryption password by using the ssl_password_program directive in squid.conf.

To avoid this most people keep the keys unencrypted on the server to avoid the administrative burden of having to enter the password on each restart (including unplanned restarts..).

To decrypt an encrypted key use the following command:

    openssl rsa -in encrypted.pem -out unencrypted.pem

Regards
Henrik
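
A key stored unencrypted as described above is protected only by its file permissions. The following is an added example, not part of the original message or of Squid: it classifies a PEM key as encrypted or not from its header lines and flags an unencrypted key that is accessible to group or other. The function names pem_key_state, key_perms_ok and audit_key are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: classify a PEM private key by its header lines only.
# Prints one of: encrypted | unencrypted | unknown
pem_key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted        # PKCS#8 encrypted container
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted        # traditional PEM encryption header
    elif grep -q -e '^-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1"; then
        echo unencrypted      # key body is stored in the clear
    else
        echo unknown          # not a key format this check recognises
    fi
}

# Succeeds only if group and other have no permission bits on the file.
key_perms_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)   # the six group/other mode characters
    [ "$mode" = "------" ]
}

# Report on one key file; returns non-zero when an unencrypted key is
# accessible to anyone other than its owner.
audit_key() {
    state=$(pem_key_state "$1")
    if [ "$state" = unencrypted ] && ! key_perms_ok "$1"; then
        echo "$1: unencrypted and group/world accessible"
        return 1
    fi
    echo "$1: $state"
}

# Constructed sample: header lines only, no real key material.
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$demo"
audit_key "$demo"
rm -f "$demo"
```

Run audit_key against the key file the proxy loads after decrypting it; a non-zero return means the permissions should be tightened to owner-only.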