Hi, Guys, I found my problem, the problem is I should use the directive https_port instead of http_port for port 443. After I change the config in squid.conf to https_port 443 cert=/home/larry/ssl/server.crt key=/home/larry/ssl/server.key ssl-bump transparent I restarted squid and found this in the log: (ssl_crtd): Uninitialized SSL certificate database directory: /opt/squid3/var/lib/ssl_db. To initialize, run "ssl_crtd -c -s /opt/squid3/var/lib/ssl_db". So I go and run that command: sudo -u proxy ./ssl_crtd -c -s /opt/squid3/var/lib/ssl_db but it results in error: Initialization SSL db... ./ssl_crtd: Cannot create /opt/squid3/var/lib/ssl_db I can't find further information on why this failed...need help.. -- Cheers ~ Larry On Fri, Oct 18, 2013 at 9:59 AM, Larry Zhao <thehiddendepth@xxxxxxxxx> wrote: > Hi, Eliezer, > > Yes, my problem to solve is only to proxy to this specific host, no > other subdomains need considering. > > And to be honest, I am new to this part, from what I could get from > the page you mentioned, I need to use ssl-bump? Am I right? > -- > > Cheers ~ > > Larry > > > On Fri, Oct 18, 2013 at 2:48 AM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote: >> Hey, >> >> Only to this specific host or also all the subdomains etc.. >> It differs a bit.. >> A small look at this wiki: >> http://wiki.squid-cache.org/Features/MimicSslServerCert >> >> Will calrify some doubts and situations which you will might see some >> problem. >> >> Eliezer >> >> >> On 10/17/2013 06:44 PM, Larry Zhao wrote: >>> >>> Hi, Guys, >>> >>> >>> I am trying to setup a SSL proxy for one of my internal servers to >>> visit `https://www.googleapis.com` using Squid, to make my Rails >>> application on that server to reach `googleapis.com` via the proxy. >>> >>> >>> I am new to this, so my approach is to setup a SSL transparent proxy >>> with Squid. I build `Squid 3.3` on Ubuntu 12.04, generated a pair of >>> ssl key and crt, and configure squid like this: >>> >>> >>> http_port 443 transparent cert=/home/larry/ssl/server.csr >>> key=/home/larry/ssl/server.key >>> >>> >>> And leaves almost all other configurations default. The authorization >>> of the dir that holds key/crt is `drwxrwxr-x 2 proxy proxy 4096 >>> Oct 17 15:45 ssl` >>> >>> >>> Back on my dev laptop, I put `<proxy-server-ip> www.googleapis.com` in >>> my `/etc/hosts` to make the call goes to my proxy server. >>> >>> >>> But when I try it in my rails application, I got: >>> >>> >>> SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: >>> unknown protocol >>> >>> >>> And I also tried with openssl in cli: >>> >>> >>> openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1 >>> | grep "^SSL" >>> >>> SSL_connect:before/connect initialization >>> >>> SSL_connect:SSLv2/v3 write client hello A >>> >>> SSL_connect:error in SSLv2/v3 read server hello A >>> >>> SSL_connect:error in SSLv2/v3 read server hello A >>> >>> >>> >>> Where did I do wrong? >>> >>> -- >>> >>> Cheers ~ >>> >>> Larry >>> >>