On Thursday 30 June 2016 at 10:53:57, info@xxxxxxxxxxxxxxxxxxxxx wrote:

> What I'm trying to do now is to use an external certificate from a
> trusted certificate authority (in this case I'm using a free SSL
> certificate from comodo), but I can't see my certificate in the
> certificates list when enabling SSL Man in the middle. I can only see
> CA's, which are certificate authorities, but when I upload comodo's Root
> CA certificate and select it, service does not start. Throws this error:
>
> Jun 30 08:52:40 squid No valid signing SSL certificate configured
> for HTTP_port 192.168.1.1:3128
>
> Does Squid not accept a SSL Certificate from external authorities or am
> I missing something?

Squid would be quite happy to accept a certificate from external authorities,
but you will never get one.

You're missing the significance of the word "signing" in that error message.

What you have from Comodo is a signED certificate (and you also have the CA
certificate to prove that they signed it).

What you do not have is a signING certificate (together with the accompanying
private key) to be able to create and sign certificates on the fly, which is
what Squid does for SSL MITM interception.

You will never get an appropriate key and certificate for this purpose from an
external CA, because if they gave you those, you could forge certificates for
any website on the Internet and their trust model would collapse.

SSL MITM has to be done with a self-signed certificate, and a self-generated CA
certificate on the clients.

Antony.

-- 
Python is executable pseudocode.
Perl is executable line noise.

Please reply to the list; please *don't* CC me.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
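The signed-versus-signing distinction in the reply above, as an added example that is not part of the original message or of Squid: a shell check that a certificate can act as a signing certificate only if it is marked `CA:TRUE` and you hold its private key. The function names, file names and the test CA are hypothetical and generated locally as constructed data.

```shell
#!/bin/sh
# Added example (not Squid's own code). All certificates are constructed test data.

# Succeeds only if CERT is a CA certificate and KEY is its private key.
# Prints one of: signing-capable, not-a-ca, no-private-key, key-mismatch.
check_signing_cert() {
    cert=$1; key=$2
    # A signED server certificate carries CA:FALSE (or no basicConstraints).
    if ! openssl x509 -in "$cert" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; then
        echo "not-a-ca"; return 1
    fi
    # A public root CA certificate is CA:TRUE, but its key never leaves the CA.
    if [ -z "$key" ] || [ ! -s "$key" ]; then
        echo "no-private-key"; return 1
    fi
    # The key must be the one whose public half is in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "key-mismatch"; return 1
    fi
    echo "signing-capable"
}

# Build constructed material in directory $1: a self-generated CA
# (ca.pem + ca.key) and a leaf certificate signed by it (leaf.pem + leaf.key).
make_test_certs() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'basicConstraints = CA:FALSE\n' > "$d/leaf.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=proxy.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
}
```

Calling `check_signing_cert ca.pem ""` reproduces the situation in the question (a CA certificate with no key), while `check_signing_cert leaf.pem leaf.key` corresponds to the purchased server certificate.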