Re: Dynamic Certs Squid 3.3

On 19/10/2012 2:36 a.m., Jesse Smith wrote:
Thanks Amos, our purpose is to dynamically generate all our domain certs so only one IP address has to be used. But my understanding is that you cannot use a commercial CA for dynamically signing the cert, which makes sense as they would not give out their private key.

Can you use a commercial root CA to sign dynamically generated certs?

Yes you can - provided you have the private CA cert key to sign with.

If this is actually a reverse-proxy serving your own domains there is no need for the "intercept" flags. Please set it up as a reverse proxy properly with "accel" mode flags. The ssl-bump flag and certificate generation should still work okay - it has not had much testing for that mode combination but should be expected to work fine. Any bugs you find in its behaviour, please notify the developers via Bugzilla (bugs.squid-cache.org).

Amos


