On 24/12/10 04:15, Alex Ray wrote:
When using squid 3.2 beta with ssl-bump and dynamic certificate generation, is it possible to have the generated certificates issued by a trusted CA (trusted on each computer), so that browsers receive neither the "website does not match certificate CN" or "this certificate is self-signed/untrusted" errors?
Yes, if you have a trusted CA to sign with the "Dynamic SSL certificate" feature was just released in 3.2.0.4. It can use a public CA authority or a self-signed CA installed with trust on the browsers.
see http://wiki.squid-cache.org/Features/DynamicSslCert for how to configure Squid and generate self-signed CA for use.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
