On 27.09.2012 16:48, Muhammad Panji wrote:
> Dear All,
> I'm trying to implement SSL Bump to block consumer Gmail while
> allowing corporate Google Apps. I found some threads in the archive
> about this topic.
> I already set up SSL Bump and I think it's working, because when I open
> mail.google.com it already warns about a certificate error, but when I
> try to add an exception the browser says the certificate is OK because
> I'm trying to add the certificate from mail.google.com.

Strange. But not related to ssl-bump specifically.
What you should have done is add your custom CA "root" certificate to
the client system so that it trusts any certificate generated using that
CA cert - including the ssl-bump one(s).
DO NOT add trust for the individual bumped certificate(s) to clients.

> According to the manual from Google, I should create a certificate for
> mail.company.com and rewrite the URL to mail.google.com/a/company.com
> and do SSL termination on the proxy. When I try to use
> redirect_program, Squid crashes. Error in the log:
> Sep 26 19:39:39 localhost (squid): The redirector helpers are crashing too rapidly, need help!
> My redirector script:
> ----
> $| = 1;    # unbuffered output, so Squid sees each reply immediately
> while (<>) {
>     chomp;
>     # As written, this takes $X[0] as a leading ID field and $X[1] as the URL
>     @X = split;
>     $url = $X[1];
>     if ($url =~ /^https:\/\/mail\.ssp\.hermisconsulting\.com/) {
>         # rewrite to the Google Apps URL for the domain
>         print $X[0]." https://mail.google.com/a/ssp.hermisconsulting.com/\n";
>     } else {
>         # no rewrite: reply with the ID field only
>         print $X[0]." \n";
>     }
> }
> ------
> What did I miss here, about the redirector and SSL bump itself? Please
> advise. Thank you in advance.

There is no relation between the two. That advice was how to do it
*without* ssl-bump. Such that clients connect to
https://mail.ssp.hermisconsulting.com/ and the proxy does all
mail.google.com communications without informing the client that
mail.google.com is involved.
Amos
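
An added example, not code from either poster and written in Python rather than the thread's Perl: a rewrite helper for the same mail.ssp.hermisconsulting.com mapping that accepts request lines with or without a leading channel ID, matches the exact hostname instead of a URL prefix, and never exits on malformed input. The line format (`[channel-ID] URL client/fqdn user method`, blank reply meaning "no change") is assumed to be the legacy Squid 3.x helper format; `rewrite_line` and `main` are names chosen here.

```python
import sys
from urllib.parse import urlsplit

# Host and target taken from the thread's script.
SOURCE_HOST = "mail.ssp.hermisconsulting.com"
TARGET_URL = "https://mail.google.com/a/ssp.hermisconsulting.com/"


def rewrite_line(line):
    """Return the reply (without newline) for one request line from Squid.

    Assumed format: "[channel-ID] URL client/fqdn user method". The numeric
    channel-ID is present only when url_rewrite_concurrency is non-zero and
    must be echoed back at the start of the reply.
    """
    fields = line.split()
    channel = ""
    if fields and fields[0].isdigit():
        channel = fields.pop(0)
    url = fields[0] if fields else ""

    new_url = ""  # empty reply tells Squid to leave the URL unchanged
    try:
        parts = urlsplit(url)
        # Compare the parsed hostname: a prefix match would also accept
        # hosts such as mail.ssp.hermisconsulting.com.invalid.example.
        if parts.scheme == "https" and parts.hostname == SOURCE_HOST:
            new_url = TARGET_URL
    except ValueError:
        pass  # malformed URL: answer "no change" rather than dying

    if channel:
        return (channel + " " + new_url).rstrip()
    return new_url


def main(stdin=sys.stdin, stdout=sys.stdout):
    # One reply per request line, flushed immediately; Squid waits on it.
    for line in stdin:
        stdout.write(rewrite_line(line) + "\n")
        stdout.flush()


if __name__ == "__main__":
    main()
```
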