On 21.06.2012 11:14, Romain wrote:
> Hi,
> I'm using squid-3.1.19 and I would like to set up a https l7 split in
> transparent mode. The configuration seems relatively easy and there
> is no problem to catch the https request with iptables and forward it
> to the squid. (https_port 3130 intercept cert=... key=...)
> But after that squid tries to retrieve the page in http, not in https...
> Is it possible to keep the protocol throughout the request?

It would seem so... but that forces a single certificate to be shared
by every domain in existence. Your clients will pop up invalid
certificate warnings on almost every single HTTP request.
You require the dynamic certificate generation feature of Squid-3.2 to
avoid those popups.
This patch also needs to be applied to the current 3.2 snapshot; it
should be in tomorrow's one.
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11599.patch
Amos