Hi to all.
I keep trying to achieve HTTPS inspection. I think I'm close to doing it. This is my current configuration related to ssl-bump.

# Squid listen Port
http_port 192.168.1.215:3128
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem
#always_direct allow all
ssl_bump server-first all
#sslproxy_cert_error deny all
#sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1

I'm having this error in Firefox
when I try google.com
The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.
or yahoo.com
An X.509 version 1 certificate that is not a trust anchor was used to issue the server's certificate. X.509 version 1 certificates are deprecated and should not be used to sign other certificates.
HTTP Strict Transport Security: true
HTTP Public Key Pinning: false
MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA
When I create the self-signed certificate, I do it like this:
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
So what can I change to avoid the problem???
Thanks to all!!
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
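
A check for the condition Firefox reports in the message above (MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA), as an added example that is not part of the original post: it generates a CA with explicit X.509 v3 extensions and verifies the version and CA:TRUE before the file is given to Squid. It assumes the cause is a CA created without v3 extensions; the config file, subject name, output paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a bump CA that is X.509 v3 with CA:TRUE, then verify it.
# File names and the subject CN are constructed for illustration.

make_v3_ca() {   # $1 = output directory
    dir=$1
    # Private config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Constructed Squid Bump CA
[v3_ca]
basicConstraints     = critical,CA:TRUE
keyUsage             = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 \
        -config "$dir/ca.cnf" -extensions v3_ca \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # The cert= and key= options in the post point at one combined PEM file.
    cat "$dir/ca.key" "$dir/ca.crt" > "$dir/myCA.pem"
    chmod 600 "$dir/ca.key" "$dir/myCA.pem"
}

cert_version() { # prints the X.509 version number (1 or 3)
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Version: *\([0-9][0-9]*\).*/\1/p'
}

cert_is_ca() {   # succeeds only if basicConstraints carries CA:TRUE
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

check_bump_ca() { # run this against the CA before pointing Squid at it
    [ "$(cert_version "$1")" = "3" ] || { echo "FAIL: not X.509 v3"; return 1; }
    cert_is_ca "$1" || { echo "FAIL: basicConstraints CA:TRUE missing"; return 1; }
    echo "OK: v3 CA certificate"
}

workdir=$(mktemp -d)
make_v3_ca "$workdir" && check_bump_ca "$workdir/myCA.pem"
```

Running `check_bump_ca` against an existing CA file shows whether it is the version 1 certificate the browser rejects.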