Search squid archive

Re: ssl-bump and accel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



because the destination IP is the actual machine IP.
eg: /etc/hosts
mail.google.com 10.0.0.250

that at 10.0.0.250

as for the ssl certificate, I hope to self sign with a made up root CA.

Nir.


On Tue, Jan 5, 2016 at 9:44 PM, Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx> wrote:
On Tuesday 05 January 2016 at 20:30:06, Nir Krakowski wrote:

> how can you combine accel proxy with ssl-bump ?

Have you looked at http://www.squid-cache.org/Doc/config/http_port/ ?

You put the certificate (which would normally be on the web server) on the
Squid server (because that's the machine terminating the request, as far as
the client is concerned).

You can have the connection between Squid and the real web server be HTTP (if
it's over a secure network) or HTTPS, as you wish.

If you don't own the certificate (and therefore can't put it, and it's
corresponding private key, on the Squid server), then why are you doing
accelerator mode?


Antony.

--
Most people have more than the average number of legs.

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux