
Unable to get bump-server-first working with intercept

I've been trying for some time to get a transparent proxy with https
interception working.
I've read a number of guides and most have fairly obvious mistakes (which
were not obvious when I started this project).
I've successfully created a CA and, upon registering this CA on a connected
client, am able to intercept https when using squid in an explicit
configuration; however, bump + transparent is still not working.

I've built squid 3.3.8 with --enable-ssl --enable-ssl-crtd

Currently I've got the following config.

Output from iptables:

----------------------------
# Generated by iptables-save v1.4.14 on Fri Sep 13 11:23:36 2013
*nat
:PREROUTING ACCEPT [482:102521]
:INPUT ACCEPT [127:11625]
:OUTPUT ACCEPT [256:16542]
:POSTROUTING ACCEPT [8:1004]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A POSTROUTING -o wwan0 -j MASQUERADE
-A POSTROUTING -o wwan0 -j MASQUERADE
--------------------------------

and squid.conf as follows:

--------------------------------
visible_hostname server 
httpd_suppress_version_string on 
forwarded_for off 
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access allow localnet 
http_access deny manager
http_access deny all

http_port 3128 intercept
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

always_direct allow all
ssl_bump server-first all 

sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5

----------------------------------





--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Unable-to-get-bump-server-first-working-with-intercept-tp4662105.html
Sent from the Squid - Users mailing list archive at Nabble.com.
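Since the question is a config that does not behave as expected, here is a small static checker, added here and not part of the thread or of Squid itself, that a reader can run over the posted squid.conf and iptables-save output. It lists ACLs that access rules reference but never define, flags the two settings that switch off upstream certificate verification (with a bump CA trusted by the clients, an unverified upstream certificate is re-signed and presented as genuine, so clients lose the ability to notice a forged server), and cross-checks that every REDIRECT target has a matching intercept listener. It assumes Squid 3.2+ predefines the ACLs all, manager, localhost and to_localhost; the function names are this example's own, and the embedded input is the poster's config and rules with the wrapped lines joined.

```python
"""Sanity checks for a Squid 3.x squid.conf before enabling SSL bump.

Added example, not Squid's own code. Assumes (as in Squid 3.2+) that the ACLs
all, manager, localhost and to_localhost are predefined.
"""
import re

BUILTIN_ACLS = {"all", "manager", "localhost", "to_localhost"}  # assumption: Squid 3.2+

# Directives shaped "<directive> <action-or-mode> [!]acl ...": every token after
# the action/mode is an ACL name. Subset only; extend for your own config.
ACL_LIST_DIRECTIVES = {
    "http_access", "http_reply_access", "icp_access", "htcp_access",
    "always_direct", "never_direct", "ssl_bump", "sslproxy_cert_error", "cache",
}

# Poster's squid.conf (wrapped lines joined, some refresh_pattern lines dropped).
SAMPLE_CONF = """\
visible_hostname server
httpd_suppress_version_string on
forwarded_for off
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access allow localnet
http_access deny manager
http_access deny all
http_port 3128 intercept
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
refresh_pattern . 0 20% 4320
always_direct allow all
ssl_bump server-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/lib/ssl_db -M 4MB
sslcrtd_children 5
"""

# Poster's nat table from iptables-save (duplicate MASQUERADE line omitted).
SAMPLE_IPTABLES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3130
-A POSTROUTING -o wwan0 -j MASQUERADE
COMMIT
"""


def parse_squid_conf(text):
    """Return (defined_acls, acl_refs, directives) for squid.conf text.

    acl_refs: list of (line_no, directive, acl_name); directives: list of
    (line_no, directive, [args]). Comments and blank lines are skipped.
    """
    defined, refs, directives = set(), [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        directive, args = tokens[0], tokens[1:]
        directives.append((line_no, directive, args))
        if directive == "acl" and args:
            defined.add(args[0])
        elif directive in ACL_LIST_DIRECTIVES:
            for name in args[1:]:  # skip allow/deny/server-first/...
                refs.append((line_no, directive, name.lstrip("!")))
    return defined, refs, directives


def undefined_acls(text):
    """ACL names used by rules but never defined: Squid refuses to start on these."""
    defined, refs, _ = parse_squid_conf(text)
    known = defined | BUILTIN_ACLS
    return [(ln, name) for ln, _, name in refs if name not in known]


def risky_tls_settings(text):
    """Settings that make the bumping proxy accept any upstream certificate."""
    _, _, directives = parse_squid_conf(text)
    findings = []
    for ln, directive, args in directives:
        if directive == "sslproxy_cert_error" and args[:2] == ["allow", "all"]:
            findings.append((ln, "sslproxy_cert_error allow all: upstream cert errors are ignored"))
        if directive == "sslproxy_flags" and "DONT_VERIFY_PEER" in args:
            findings.append((ln, "sslproxy_flags DONT_VERIFY_PEER: upstream chain never verified"))
    return findings


def redirect_mismatches(conf_text, iptables_text):
    """REDIRECT targets in an iptables-save dump with no suitable intercept listener."""
    _, _, directives = parse_squid_conf(conf_text)
    listeners = {}  # port -> (directive, option flags)
    for _, directive, args in directives:
        if directive in ("http_port", "https_port") and "intercept" in args:
            listeners[args[0].rsplit(":", 1)[-1]] = (directive, args[1:])
    problems = []
    for m in re.finditer(r"--dport (\d+) .*?-j REDIRECT --to-ports (\d+)", iptables_text):
        dport, to_port = m.groups()
        if to_port not in listeners:
            problems.append((to_port, "no intercept http_port/https_port on that port"))
        elif dport == "443" and (listeners[to_port][0] != "https_port"
                                 or "ssl-bump" not in listeners[to_port][1]):
            problems.append((to_port, "443 redirected to a listener without https_port ... ssl-bump"))
    return problems


if __name__ == "__main__":
    print("undefined ACLs:", undefined_acls(SAMPLE_CONF))
    print("risky TLS settings:", risky_tls_settings(SAMPLE_CONF))
    print("redirect mismatches:", redirect_mismatches(SAMPLE_CONF, SAMPLE_IPTABLES))
```

Run against the posted config, the checker reports Safe_ports and CONNECT as referenced but undefined, both certificate-verification settings as risky, and no port mismatch between the REDIRECT rules and the two intercept listeners.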