I would like to install Squid proxy with SSL bump. I am working on my virtual lab, and once everything is OK I will test it on the real network.

I already created a directory for the cert and generated the cert as below:

    # Generate Private Key
    openssl genrsa -out MSY.com.private 2048

    # Create Certificate Signing Request
    openssl req -new -key MSY.com.private -out MSY.com.csr

    # Sign Certificate
    openssl x509 -req -days 3652 -in MSY.com.csr -signkey MSY.com.private -out MSY.com.cert

    # Generate certificate cache
    /usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db

    # Change ownership of the certificate cache
    chown squid: /var/lib/ssl_db

Then I filled in the info and set the 'Common Name' to something other than the domain or server_name.

In addition, please find below the lines from the Squid configuration file:

    # Squid listen Port
    http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/MSY.com.private cert=/etc/squid/MSY.com.cert

    # SSL Bump Config
    always_direct allow all
    ssl_bump server-first all
    sslproxy_cert_error deny all
    sslproxy_flags DONT_VERIFY_PEER
    sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
    sslcrtd_children 8 startup=1 idle=1

It’s not working with the SSL bump configuration; it works only when I remove the SSL bump configuration, but of course without the SSL certificate.

Also, I checked journalctl -xe and found the below error:

    /etc/squid/squid.conf:3 unrecognized: 'ssl-bump'

Any ideas?

Regards
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
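
Added example, not part of the original post: Squid reports "unrecognized" for a line that does not begin with a directive name, so the error quoted above would fit http_port options that ended up on a line of their own. Assuming that is what happened in the real squid.conf (the sample below is constructed to show it, and the function names are hypothetical), this Python check finds such lines and joins them back onto the port line.

```python
# http_port options taken from the post's configuration; extend as needed.
PORT_OPTIONS = ("ssl-bump", "generate-host-certificates=",
                "dynamic_cert_mem_cache_size=", "key=", "cert=")
PORT_DIRECTIVES = ("http_port", "https_port")

# Constructed sample: the option list has wrapped onto line 3.
SAMPLE = """\
# Squid listen Port
http_port 3128
ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/MSY.com.private cert=/etc/squid/MSY.com.cert
always_direct allow all
"""

def first_token(raw):
    tokens = raw.split()
    return tokens[0] if tokens else ""

def find_stray_port_options(conf_text):
    """Return (line_no, token, port_line_no) for every line that starts with
    an http_port option instead of a directive name."""
    findings, port_line = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        first = first_token(raw)
        if first.startswith(PORT_OPTIONS):
            findings.append((line_no, first, port_line))
        elif first in PORT_DIRECTIVES:
            port_line = line_no
        else:
            port_line = None  # any other line ends the port directive
    return findings

def merge_stray_options(conf_text):
    """Append stray option lines to the http_port line directly above them."""
    out, port_idx = [], None
    for raw in conf_text.splitlines():
        first = first_token(raw)
        if first.startswith(PORT_OPTIONS) and port_idx is not None:
            out[port_idx] += " " + raw.strip()
            continue
        port_idx = len(out) if first in PORT_DIRECTIVES else None
        out.append(raw)
    return "\n".join(out)

if __name__ == "__main__":
    for line_no, token, port_line in find_stray_port_options(SAMPLE):
        print(f"line {line_no}: '{token}' belongs on the port line ({port_line})")
    print(merge_stray_options(SAMPLE))
```

After merging, `squid -k parse` can be used to confirm that the configuration file is accepted before restarting the service.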