Search squid archive

Re: Using CA signed certificate for SSL bump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey,

How should that work? That would require an ca to sign your selfsigney ca to be able to issue valid public certs for all websites. If that would be possible, then the whole concept of ssl security would be worth nothing. You cant create valid certificates for such websites. You can only issue certs that are valid in your organisation only. Therefore the selfsigned ca needs to be trusted by your clients by adding it in the trust root authorities. There is no other way, wait, there is, do not try to intercept ssl secured connections. So you cant look in the traffic as it is supposed to be. Or break it and live with the needs required for this. If you have no valid reason to intercept sich traffic then just dont do it.

Am 5. September 2018 09:02:45 MESZ schrieb Arshad Ansari <arshadansari@xxxxxxx>:

Hi All,

 

I have setup squid 4.2 for forward proxy and caching. It is working fine when I am using self-signed certificate for SSL bump.

 

However, our security requirement is to use only CA signed certificate and not self-signed certificate.

 

I have tried various options like using Https and intercept but nothing seems to be working.

 

My question is does SSL work with CA signed certificate?

 

Regards,
Arshad


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux