Hi,

I have the same problem, and I need to use trusted CA certificates, so what is the solution?

I have a squid 3.5.20 used for multiple domains and multiple backends, using both HTTP and HTTPS. Actually, the HTTP configuration is OK, and the backends are OK with HTTPS and trusted certificates, verified with wget https://..... The acl rules are OK, sending each request to the right backend according to the domain.

I need to add trusted certificates for some domains. I found that I could do that using http_port XXX.XXX.XXX.XXX:443 where I have different IPs, one per certificate.

But I must say that I am really lost in all the options. I have googled for days, I tried a lot of settings (ssl_bump, intercept, self-signed certificates, trusted certificates, ...), I saw differences between old versions and 3.5, and I can't make any of them work.

So, questions:

1/ Should I set up the squid certificate with ONLY self-signed, or is there a way to use trusted certificates? So if only self-signed, the user will always be forced to accept the self-signed certificate the first time? Not really good for commercial sites.

2/ Should the backend cache_peer be set as ssl on port 443, or could it be simple http 80 (backends are internal VMs on the same server, no external network between squid and backends)?

3/ Will the acl rules work OK to assign each request to the right backend according to domain, even in HTTPS?

4/ Do you know of a clear and easy howto, with examples, for such settings, from which I could learn how to do it?

Patrick

On 15/11/2016 at 18:30, Yuri Voinov wrote:
15.11.2016 22:28, Alex Crow wrote:
On 15/11/16 16:22, Yuri Voinov wrote:
You can if you have control over the clients, i.e. install your CA into the browser/OS.
... and this can be illegal ;)
YMMV (depending on where you live/work)!
AFAIK spying on users without their agreement is illegal anywhere.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users