Search squid archive

Re: squid/sslbump + IE9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm testing squid v3 with SSL interception  (the interception is to do
AV checking with icap) in routing mode.
Sslbump/dynamic certs are configured. A self-signed cert is used on
the proxy, and installed as a ca on browsers.

https to several sites (such as Gmail.com boi.com) works with FF
(although FF is initially much slower); but gives errors in IE9
"Internet Explorer blocked this website from displaying content with
security certificate errors"

Clicking on the lock icon shows the certificate with name
accounts.google.com and signed by myproxy.com, which is fine. So why
is IE not happy?

In the squid logs:
 NONE/000 0 CONNECT accounts.google.com:443 - HIER_NONE/- -
TCP_MISS/200 9497 GET https://accounts.google.com/ServiceLogin? -
HIER_DIRECT/209.85.148.84 text/html
NONE/000 0 CONNECT ssl.google-analytics.com:443 - HIER_NONE/- -
 NONE/000 0 CONNECT mail.google.com:443 - HIER_NONE/- -
NONE/000 0 CONNECT ssl.gstatic.com:443 - HIER_NONE/- -
TCP_MISS/200 1301 POST
http://safebrowsing.clients.google.com/safebrowsing/downloads

Is IE9 fussier that other browsers regarding SSL?


Any tips/best practices to get SSL interception running smoothly ? :-)

Thanks,

Sean


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux