Ok, here are my results: 3.1.2 -> didn't managed to get SSL interception working 3.2.3 -> didn't managed to get SSL interception working 3.3.0.1 -> WORKS! What I did: wget http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.0.1.tar.gz tar xfvz squid-3.3.0.1.tar.gz ./configure --enable-ssl --enable-ssl-crtd make all make install cd /usr/local/squid mkdir ssl_cert cd ssl_cert openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem openssl x509 -in myCA.pem -outform DER -out myCA.der /usr/local/squid/libexec/ssl_crtd -c -s /usr/local/squid/var/lib/ssl_db (plz ensure that '/usr/local/squid/var/lib/' exists) chown -R nobody /usr/local/squid/var/lib/ssl_db Config (/usr/local/squid/etc/squid.conf): ================================ http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem always_direct allow all ssl_bump allow all # the following two options are unsafe and not always necessary: sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER acl our_networks src <yournetwork/cidr> http_access allow our_networks sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB sslcrtd_children 5 ================================ Ensure that /usr/local/squid/var/logs/access.log and /usr/local/squid/var/logs/cache.log exists (the dirty way: touch & chmod 777). In short: Use 3.3 beta and you wont have any problems. If I would have knew that before I wouldn't have had to spend 2 days in with Squid 3.1.2 and 3.2.3.... ---------------------------------------- > From: heinrichhirtzel99@xxxxxxxxxxx > To: m.ferlitsch@xxxxxxxxx; squid-users@xxxxxxxxxxxxxxx > Date: Fri, 2 Nov 2012 13:36:42 +0100 > Subject: RE: Re: HTTPS traffic in normal transparent proxy > > > > Could you resolve this issue? > Na, unfortunately not. I've tried some other squid configurations and now I'm getting "Invalid URL: /". > I'm currently setting up a VM with squid 3.3. (beta), will post the test result here as soon as I have them. > > > I thought that ssl-bump was made for this. In my case the security is > > unimportant. But why it not works? > If you have an answer to that question please let me know :-) > > ---------------------------------------- > > Date: Fri, 2 Nov 2012 05:31:36 -0700 > > From: m.ferlitsch@xxxxxxxxx > > To: squid-users@xxxxxxxxxxxxxxx > > Subject: Re: HTTPS traffic in normal transparent proxy > > > > Could you resolve this issue? > > > > I only tried it with firefox on clients. But I think that IE has same > > problems. > > > > I thought that ssl-bump was made for this. In my case the security is > > unimportant. But why it not works? > > > > > > > > -- > > View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-traffic-in-normal-transparent-proxy-tp1033647p4657205.html > > Sent from the Squid - Users mailing list archive at Nabble.com. >
