Hey Eliezer, PC browsers non-required automated installers for CA. In it all simple do by JS directly from page. Can you do automated installer for mobile clients? iPhones, Android? For both - mobile browsers and apps as well? The problem is not install proxy CA. The problem is identify client has no proxy CA and redirect, and do it only one time. Splash is perfect idea, but it will execute too often. So, require more elegant solution. 25.03.2018 15:29, Eliezer Croitoru пишет: > Hey Nicolas, > > You can use a "splash page" concept which will contain a test page that will try to verify if the client has the root ca certificate installed. > I have created and published an example at: > https://github.com/elico/ca-cert-test-page > > And a real usage at: > https://cert.rimon.net.il/ > > If the client will first try to access an http site it will work but if the client will try https site it will not work but once the client will get pass the error page he will be able to get instructions on how and what to install. > > Will it work for your environment? > > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx > > > -----Original Message----- > From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Nicolas Kovacs > Sent: Friday, March 16, 2018 12:37 > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: How to configure a "proxy home" page ? > > Hi, > > I have Squid + SquidGuard + SquidAnalyzer running on my LAN server as a > transparent cache + filtering proxy, and it's working real nicely. > > When a client in my company wants to connect to the wifi, all he or she > has to do is this: > > 1. Connect to http://nestor.microlinux.lan > > 2. Download the nestor.microlinux.lan.der certificate > > 3. Install the certificate in the web browser (Firefox does it > automatically) > > 4. Surf the web > > Now I wonder if there is a way to configure this page as a "proxy home > page" of some sorts. User who don't have the certificate installed > normally get a big fat HTTPS error as soon as they connect to a secure > site. So what I'd like to do is redirect "new" traffic to > http://nestor.microlinux.lan, which also explains what is happening. > > I don't really know how to go about that, or if it is even possible. > Maybe some basic form of authentication ? > > Any suggestion ? > > Cheers, > > Niki -- "C++ seems like a language suitable for firing other people's legs." ***************************** * C++20 : Bug to the future * *****************************
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users