So... I'm sure those on the list have seen my posts a number of times, usually all questions (sorry I'm not very helpful). That being said, whenever there is something I can't get to work right, or don't understand as well as I think I should, I do kind of a deep dive into it for about a month. I'm going to do that now with Squid. I have NEVER gotten ssl-bump to work right. I have it "sort of" working, but there are some issues I want to address.
So I'm going to start from scratch in a lab environment using a VM as a client, a physical machine with two NICs that are bridged and run Squid as a transparent proxy, and a physical laptop as the server.
My first question is about properly creating the certs. Looking at:
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
this mentions using crtd, but as I understand it, crtd isn't supported when using transparent proxies. So, with no crtd, as I understand it this is what I'll need:
Server:
Self-signed CA cert (pem) <- used as cafile= in https_port
Intermediate cert signed by the above self signed CA cert (pem) <- used as cert= in https_port
Key file for the self-signed CA cert above (pem) <- used as key= in https_port
Client:
Self-signed CA cert from above (pem) <- in /etc/ssl/certs for Linux
Any help, advice, links that would assist in better understanding this first step in ssl-bumping transparently would be wonderful. Thank you.
James