On 10.12.19 06:14, aw_wolfe wrote:
Ok, thank you. As you can tell, I'm kinda fumbling my way through setting this up. Re-creating the certification with the openssl command only fixed the issue. Firefox accepted the certification. I think that I would rather not have to do the install certificate on all the browsers. So if I can configure the stare option, that would be my preferred solution. A bit of searching around however, didn't turn up much and I'm a little confused by the different "steps" commands.
so am I...
If you don't mind I'd appreciate a simple 1 or 2 line example or point me in the right direction
and I also plan to log based on SSL client helo (SNI option).
Right now my squid.conf (not including the groups and whitelist part): http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/etc/squid/ssl_cert/ca-key.pem sslcrtd_program /usr/sbin/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB sslcrtd_children 5 ssl_bump server-first all sslproxy_cert_error allow all
if you only want to get the requested server name, forget making certificates at all. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
