Hi, i want squid to create dynamic ssl certificates in intercept mode, which works, but squid uses ip-addresses for the certificates of the site, not the host name. Does anybody know why this happens? squid.conf: ############################ cache_effective_user squid cache_effective_group squid #acl localhost src 127.0.0.1/32 ::1 acl localnet src 192.168.42.0/24 acl blocknet src 192.168.42.10-192.168.42.50 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT ssl_bump client-first all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER always_direct allow all http_access allow all http_port 192.168.42.1:3128 intercept sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/ssl_db -M 4MB sslcrtd_children 5 https_port 192.168.42.1:3127 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem ############################ Thank you!
