On Thu, 2012-06-21 at 12:43 +1200, Amos Jeffries wrote:
> On 21.06.2012 11:14, Romain wrote:
> > Hi,
> >
> > I'm using squid-3.1.19 and I would like to setup a https l7 split in
> > transparent mode. The configuration seems relatively easy and there
> > is no problem to catch the https request with iptables and forward it
> > to the squid. (https_port 3130 intercept cert=... key=...)
> >
> > But after that squid tries to retrieve the page in http not in https...
> > Is it possible to keep the protocol throughout the request ?
>
> It would seem so... but that forces a single certificate to be shared
> by every domain in existence. Your clients will pop up invalid
> certificate warnings on almost every single HTTP request.
>
> You require the dynamic certificate generation feature of Squid-3.2 to
> avoid those popups.
>
> This patch also needs to be applied to the current 3.2 snapshot, it
> should be in tomorrow's one.
> http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11599.patch

There is no problem to share a single certificate, the problem is that
squid tries to retrieve the page in http not in https mode.

Regards
Romain

>
> Amos
>

--
Romain <romain@xxxxxxxxxxxx>