Re: Using a static wildcard certificate with ssl-bump in explicit forward proxy mode

On 26/01/19 5:51 am, Bill Bernsen wrote:
> Hi,
> 
> I have squid running as an explicit forward proxy on the
> host example.com controlling access to all hosts in *.example.com.
> All the hosts in *.example.com have self-signed certificates that I
> want to appear as trusted to user browsers. I don't have the option of
> obtaining a trusted CA. I do, however, have a trusted wildcard
> certificate for *.example.com available. Is there a way that I can
> tell squid to present this static wildcard certificate to clients in
> lieu of all upstream server certificates?


As a forward proxy clients are *not* connecting to any of the
*.example.com domains. They are connecting to your proxy hostname - and
telling it to take care of the origin connections. So all clients need
is trust for the CA which signed the proxy's certificate.

The proxy is the only agent in the path which needs to trust the
wildcard *.example.com certificate.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



