Re: [squid-users] Intercept HTTPS with dynamic certificate for clients

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 19 Mar 2014 09:52:11 -0600

On 03/19/2014 05:53 AM, Emmanuel LAZARO - S.IM.KO. wrote:
> I am trying to configure squid as a transparent proxy using :
...
> The SquidServeurVeriSign.pem have been signed by verisign.

You need to create a self-signed (a.k.a. Root CA) certificate that is
capable of signing any site certificate. Verisign will not sign your
Root CA certificate so if your certificate is signed by Verisign, then
your certificate is not a Root CA certificate.

Needless to say that a browser with your Root CA certificate installed
will trust any site signed by your Root CA certificate, just like it
trusts any site signed by Verisign now. Be careful!

There are many web pages with instructions on how to create a
self-signed certificate, including a sketch at
http://wiki.squid-cache.org/Features/DynamicSslCert

Alex.
Received on Wed Mar 19 2014 - 15:54:56 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 20 2014 - 12:00:05 MDT