
3.3.1 ssl-bump-server-first for google domain lockdown

Hi all,

I've been trying to set up a system to do ssl interception and dynamic
certificate generation in order to prevent our users from signing in
to their personal gmail accounts (our company mail is through gmail).

From the info here
http://support.google.com/a/bin/answer.py?hl=en&answer=1668854 I found
that I needed to add a header in the request and have that working:

request_header_add X-GoogApps-Allowed-Domains rodeofx.com all

adds it to every http request, which I'm fine with, but I need to add it
to https requests and that's not happening.

I have tried things like:

http_port 192.168.168.253:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myCA.pem

always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
#sslproxy_cert_error allow all
#sslproxy_flags DONT_VERIFY_PEER

sslcrtd_program /etc/squid/libexec/squid/ssl_crtd -s /etc/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

No love though.. I still get the regular google cert and don't see
certs in my ssl_db folder.

If anyone has suggestions to offer I'd really appreciate it.

TIA,
R

