Hi,
I'm new to Squid, and having trouble getting SSL filtering work.
I
have a blanket block setup with Squid as Transparent proxy where access
it allowed only to github.com. But, squid generates certificates for IP
address instead of domain name and SSL validation fails.
Squid version:
3.5.25-20170408-r14154When I use curl (I have imported my self signed SSL to the certificate store)
curl: (51) SSL: certificate subject name (192.30.255.112) does not match target host name 'github.comHow to configure properly to splice a whitelist and block all other domains. Below is my current configuration
http_port 3128
http_port 3129 intercept
https_port 3130intercept ssl-bump enerate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/myca.pem key=/etc/squid/ssl_certs/myca.pem
acl whitelist ssl::server_name .github.com
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice whitelist
ssl_bump bump all
Please help me fixing the issue.
thanks,
Shan_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
