On Wednesday 24 August 2016 at 14:26:48, Yuri Voinov wrote: > 24.08.2016 18:23, Antony Stone пишет: > > On Wednesday 24 August 2016 at 14:18:46, Yuri Voinov wrote: > >> No one CA do not issue signing CA for subject, which is not CA itself. > >> > >> So, op wants impossible thing. > > > > Why would one need a signING certificate just to create an SSL connection > > between the browser and Squid? > > > > Surely one merely needs a valid signED certificate, same as you would > > put on a web server to set up secure connections to it? > > > > OP is not intercepting secure traffic, nor making HTTP sites look to > > the browser like HTTPS ones. > > Then I do not understand what he wants op. He wants to configure his browser to connect to the proxy over an SSL connection, and then inside this secure connection send standard HTTP and HTTPS requests, just as a browser would do over an unsecured connection to the proxy on Squid's standard port 3128. It's nothing to do with whether either the client or the destination server believe the web content itself to be secured with SSL/TLS. See "Encrypted browser-Squid connection" at the bottom of http://wiki.squid-cache.org/Features/HTTPS Antony. -- Archaeologists have found a previously-unknown dinosaur which seems to have had a very large vocabulary. They've named it Thesaurus. Please reply to the list; please *don't* CC me. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
