On 2023-09-28 00:52, Bud Miljkovic wrote:
# Intercept tranparent HTTPS traffic
https_port 3129 intercept ssl-bump ssl_bump splice all
This should be refactored into two lines:
https_port 3129 intercept ssl-bump ...
ssl_bump splice all
After that, replace "..." above with cert=... and, optionally, other
ssl-bump parameters from your other "https_port 3129" line below.
# Add certificate
https_port 3129 intercept ssl-bump ...
Remove these lines: The https_port directive does not support "adding"
options to previously configured port. Use a single https_port directive
per port. Same for http_port, of course.
HTH,
Alex.
https_port 3129 intercept ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /var/lib/ssl_db -M 4MB
#Visible hostname
visible_hostname ctct-r2
```
When the `squid.service` is started the following output is printed:
```
Sep 28 16:17:04 ctct-r2 systemd[1]: Started Squid Proxy Server (OTA Mode).
Sep 28 16:17:04 ctct-r2 squid[1059]: No valid signing SSL certificate
configured for HTTPS_port [::]:3129
Sep 28 16:17:04 ctct-r2 squid[1059]: FATAL: No valid signing SSL
certificate configured for HTTPS_port [::]:3129
Sep 28 16:17:04 ctct-r2 squid[1059]: Squid Cache (Version 3.5.25):
Terminated abnormally.
Sep 28 16:17:04 ctct-r2 squid[1059]: CPU Usage: 0.040 seconds = 0.030
user + 0.010 sys
Sep 28 16:17:04 ctct-r2 squid[1059]: Maximum Resident Size: 38656 KB
```
Any lead is greatly appreciated.
Buda
--
Budimir Miljković BSc E | He
Senior Development Engineer
Civil Construction Field Systems
Trimble
11-17 Birmingham Drive, Christchurch, Canterbury, 8024
New Zealand
+64 3 963-5550 Direct
+64 21 419-024 Mobile
www.trimble.com <http://www.trimble.com>
This email may contain confidential information that is intended only
for the listed recipient(s) of this email. Any unauthorized review, use,
disclosure or distribution is prohibited. If you believe you have
received this email in error, please immediately delete this email and
any attachments, and inform me via reply email.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users