Thanks for your help Walter, problem is, which I wasn't too clear about, site1.com was just an example. It could be any site that I don't previously know the address for. Therefore, the only thing I can think of is to dynamically generate a self-signed cert. Thanks Tom On Sun, May 11, 2014 at 8:53 PM, Walter H. <Walter.H@xxxxxxxxxxxxxxxxx> wrote: > On 11.05.2014 18:24, Tom Holder wrote: >> >> Hi, >> >> I've configured Squid 3 with SSL bump and dynamic SSL generation and >> it works really well when I use it for just browsing the Internet. >> >> My problem is I'm trying to 'mimic' a live web site and the server >> Squid is on does not have access to the live Internet. >> >> E.g. site1.com doesn't actually go to site1.com on the live Internet >> I'm redirecting it to a local version of site1.com >> >> The problem is dynamic SSL generation and SSL Bump requires connecting >> to the real site1.com to grab the certificate. When it tries to >> connect to my local site1.com there is just a generic SSL I've >> generated with the wrong common name and this causes the browser to >> throw an SSL error. > > you'd have the same problem, without Squid, because then the browser would > try to connect with your fake site1.com; > > install on this site1.com website a cert with correct CN, and everything > works fine; > -- Tom Holder Systems Architect Follow me on: [Twitter] [Linked In] www.Simpleweb.co.uk Tel: 0117 922 0448 Simpleweb Ltd. Unit G, Albion Dockside Building, Hanover Place, Bristol, BS1 6UT Simpleweb Ltd. is registered in England. Registration no: 5929003 : V.A.T. registration no: 891600913
