Search squid archive

Squid 3.5.17 SSL-Bump Step1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

Squid 3.5.17 with SSL, intercept.

I use SSL-Bump only step1 that get SNI and terminate HTTPS sites by domain name. The certificate's is not replaced !

acl blocked_https ssl::server_name  "/etc/squid/urls/block-url"
https_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump terminate blocked_https

It works.

But if I use

acl users_no_inet src "/etc/squid/ip-groups/no-inet"
http_access deny users_no_inet

I see NET::ERR_CERT_AUTHORITY_INVALID in browser. I import my squid cert, but I see NET::ERR_CERT_COMMON_NAME_INVALID

Why in this case, the squid trying to replace the certificate?

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux