Re: https with squid

Márcio Luciano Donada wrote:
> Guy Helmer wrote:
> 
>>> I am also conducting tests with sslBump, redirecting https connections
>>> to squid in the firewall (iptables). I am using the following in
>>> squid.conf:
>>>
>>> http_port 3128 transparent sslBump cert=/etc/squid3/ssl/cacert.pem
>>> key=/etc/squid3/ssl/privkey.pem
>>>
>>> Even directing the browser to the https proxy server's IP is not working.
>>> Any ideas? I am using version 3.HEAD-CVS
>>>   
>> It is not possible to transparently proxy HTTPS through the http_port
>> because the connection starts as SSL, not plaintext HTTP that the
>> http_port expects.
>>
>> You would need an https_port command, like:
>>
>> https_port 3129 transparent sslBump cert=... key=...
>>
>> and then set your iptables configuration to forward port 443 packets to
>> squid's 3129 port for transparent HTTPS proxying.
>>
>> Hope this helps,
>> Guy
>>
> 

 Thank you for your reply, Guy. I think I'm now on the way, but I had a
 problem, and the log (cache.log) shows the following error:

 Ignoring https_port 0.0.0.0:3129 initialization failure due to SSL

 My squid.conf configuration is:

 https_port 3129 transparent sslBump cert=/etc/squid3/ssl/cacert.pem
 key=/etc/squid3/ssl/privkey.pem.

 Key generation:

 openssl genrsa -des3 -out privkey.pem 2048
 openssl req -new -x509 -nodes -key privkey.pem -out cacert.pem -days 3650

 Any ideas?



-- 
Márcio Luciano Donada <mdonada at auroraalimentos dot com dot br>
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.
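
Added example, not part of the thread: `openssl genrsa -des3` writes a passphrase-protected key, and `-nodes` on the later `req` command does not remove that protection. Whether this is what caused the logged failure is an assumption the thread does not confirm; the script below checks the two files named on an `https_port` line for an encrypted key and for a certificate/key mismatch. The function names are made up for this example.

```shell
#!/bin/sh
# Pre-flight check for the cert= and key= files of an https_port line.
# Usage: sh check_pem.sh /etc/squid3/ssl/cacert.pem /etc/squid3/ssl/privkey.pem

# Return 0 if the PEM private key is passphrase-protected.
# Traditional PEM keys carry a "Proc-Type: 4,ENCRYPTED" header line;
# PKCS#8 keys use a "BEGIN ENCRYPTED PRIVATE KEY" banner instead.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Return 0 if the certificate and the RSA key share the same modulus.
# Needs the openssl CLI; only call it on an unencrypted key, otherwise
# openssl stops to ask for the passphrase.
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1") || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$2") || return 2
    [ "$cert_mod" = "$key_mod" ]
}

# Exit status: 0 ok, 1 key is encrypted, 2 cert/key mismatch, 3 unreadable file.
check_https_port_files() {
    cert=$1 key=$2
    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "cannot read $cert or $key"
        return 3
    }
    if key_is_encrypted "$key"; then
        # A daemon has no terminal to prompt on, so the key load fails unless
        # squid.conf names an sslpassword_program or the key is stored
        # unencrypted with tight file permissions.
        echo "$key is passphrase-protected"
        return 1
    fi
    key_matches_cert "$cert" "$key" || {
        echo "$cert does not match $key"
        return 2
    }
    echo "ok: $key is unencrypted and matches $cert"
}

# Run the check only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_https_port_files "$1" "$2"
fi
```

If the key turns out to be encrypted, `openssl rsa -in privkey.pem -out <new file>` writes an unencrypted copy after asking for the passphrase; that copy should be readable only by the account Squid runs as.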
