Hi,
i want squid to create dynamic ssl certificates in intercept mode, which works, but squid uses ip-addresses for the certificates of the site, not the host name.
Does anybody know why this happens?
squid.conf:
############################
cache_effective_user squid
cache_effective_group squid
#acl localhost src 127.0.0.1/32 ::1
acl localnet src 192.168.42.0/24
acl blocknet src 192.168.42.10-192.168.42.50
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
ssl_bump client-first all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
always_direct allow all
http_access allow all
http_port 192.168.42.1:3128 intercept
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/ssl_db -M 4MB
sslcrtd_children 5
https_port 192.168.42.1:3127 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
############################
Thank you!
Received on Fri Nov 01 2013 - 04:11:25 MDT
This archive was generated by hypermail 2.2.0 : Fri Nov 01 2013 - 12:00:07 MDT