Hey,
Only to this specific host or also all the subdomains etc..
It differs a bit..
A small look at this wiki:
http://wiki.squid-cache.org/Features/MimicSslServerCert
Will calrify some doubts and situations which you will might see some
problem.
Eliezer
On 10/17/2013 06:44 PM, Larry Zhao wrote:
Hi, Guys,
I am trying to setup a SSL proxy for one of my internal servers to
visit `https://www.googleapis.com` using Squid, to make my Rails
application on that server to reach `googleapis.com` via the proxy.
I am new to this, so my approach is to setup a SSL transparent proxy
with Squid. I build `Squid 3.3` on Ubuntu 12.04, generated a pair of
ssl key and crt, and configure squid like this:
http_port 443 transparent cert=/home/larry/ssl/server.csr
key=/home/larry/ssl/server.key
And leaves almost all other configurations default. The authorization
of the dir that holds key/crt is `drwxrwxr-x 2 proxy proxy 4096
Oct 17 15:45 ssl`
Back on my dev laptop, I put `<proxy-server-ip> www.googleapis.com` in
my `/etc/hosts` to make the call goes to my proxy server.
But when I try it in my rails application, I got:
SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A:
unknown protocol
And I also tried with openssl in cli:
openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1
| grep "^SSL"
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:error in SSLv2/v3 read server hello A
Where did I do wrong?
--
Cheers ~
Larry
