Search squid archive

dynamic ssl certificate generation - ip addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
i want squid to create dynamic ssl certificates in intercept mode, which works, but squid uses ip-addresses for the certificates of the site, not the host name.
 
Does anybody know why this happens?
 
squid.conf:
############################
cache_effective_user squid
cache_effective_group squid
 
#acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.42.0/24
acl blocknet src 192.168.42.10-192.168.42.50
 
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
 
ssl_bump client-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
always_direct allow all
 
http_access allow all
 
http_port 192.168.42.1:3128 intercept
 
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/ssl_db -M 4MB
sslcrtd_children 5
 
https_port 192.168.42.1:3127 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
############################
 
Thank you!





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux