ons 2008-07-30 klockan 23:32 -0700 skrev Serge Egelman:
> I'm trying to set up squid to forward SSL connections. I previously had
> it set up just as logging proxy for conducting laboratory usability
> studies (we would configure the browsers on our lab machines to use the
> proxy, then I could check the logs afterwards to see where people were
> going). So I know it works for a minimal configuration. I'm working on
> a study now where I need to inject a self signed certificate into an SSL
> session (I'm looking at warning messages), but can't seem to get squid
> configured correctly (the idea is that we'll have the lab machines use
> configured to use the proxy again).
To unwrap SSL and apply your own certificates when running as a proxy
you need the sslBump feature making Squid intercept CONNECT requests and
terminate the SSL locally. But it's unrelated from Squid opening the
port.
As you seem to have the SSL keys encrypted you need to either start
Squid interactively using the -N command line option, or tell Squid how
to retreive the SSL key encryption password by using the
ssl_password_program directive in squid.conf.
To avoid this most people keeps the keys unencrypted on the server to
avoid the administrative burden of having to enter the password on each
restart (including unplanned restarts..). To decrypt a encrypted key use
the following command:
openssl rsa -in encrypted.pem -out unencrypted.pem
Regards
Henrik
Received on Thu Jul 31 2008 - 11:02:41 MDT
This archive was generated by hypermail 2.2.0 : Thu Jul 31 2008 - 12:00:05 MDT