
sslbump and caching of generated cert


 



So far as I know, when sslbump is enabled for a port, for each DNS name, Squid saves a cert generated according to the DNS name and signing key (from the http_port configuration). So the next time, the generated cert can be fetched if the DNS host and configured signing key are the same.

Now I have a question on this:


http_port 10045 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/opt/bg/deploy/squid/etc/mydlp/ssl/key_10045.pem cert=/opt/bg/deploy/squid/etc/mydlp/ssl/cert_10045.pem

http_port 10046 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/opt/bg/deploy/squid/etc/mydlp/ssl/key_10046.pem cert=/opt/bg/deploy/squid/etc/mydlp/ssl/cert_10046.pem


I have two ports configured with SSLBUMP. Each port has its own CA signing key. The desired behavior is that, for the hostname www.foo.com, the certificate generated for the port should use key_10045, and the certificate generated for the port should use key_10046. It seems OK. 


But, if we look at the ssl_db, only the last generated certificate is cached for www.foo.com. Is it possible to cache the generated certificates by the host and signing key?


Alex

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
