Hi all! Please help me with ssl bump configuration in interception mode. I'm have this config ... https_port 192.168.113.19:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/sq uid/proxy02_chain.crt key=/etc/squid/proxy02.key acl step1 at_step SslBump1 acl step2 at_step SslBump2 acl step3 at_step SslBump3 ssl_bump stare all ssl_bump bump all ssl_bump splice all step3 ... My proxy certificate released by subca, i.e CA - SubCA - Proxy. On my workstations CA cert add in trusted CA store, but in this configuration browser write "Not check certificate chain" If i'm change conf to ... ssl_bump bump all ssl_bump stare all ssl_bump splice all step3 ... I'm get error "The security certificate presented by this website was issued for a different website's address", but certificate chain is trust, i.e I'm view chain CA - SubCA - Proxy - site ipaddr. Also if I'm change conf to ... https_port 192.168.113.19:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/sq uid/proxy02_chain.crt key=/etc/squid/proxy02.key ssl_bump server-first all ... All works. But not all sites. OS - Centos6.7, squid - 3.5.7 from www1.ngtech.co.il repo PS Sorry for bad English. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
