[squid-users] generate-host-certficates from James Lay on 2014-04-16 (squid-users)

From: James Lay <jlay_at_slave-tothe-box.net>
Date: Wed, 16 Apr 2014 20:38:20 -0600

From the squid.conf.documented:

# SSL Bump Mode Options:
# In addition to these options ssl-bump requires TLS/SSL
options.
#
# generate-host-certificates[=<on|off>]
# Dynamically create SSL server certificates for
the
# destination hosts of bumped CONNECT
requests.When
# enabled, the cert and key options are used to
sign
# generated certificates. Otherwise generated
# certificate will be selfsigned.
# If there is a CA certificate lifetime of the
generated
# certificate equals lifetime of the CA
certificate. If
# generated certificate is selfsigned lifetime is
three
# years.
# This option is enabled by default when ssl-bump
is used.
# See the ssl-bump option above for more
information.

I did not find this to be the case and had to add it to my https_ports
line:

https_port bleh:3129 intercept generate-host-certificates=on ssl-bump
cert=/opt/sslsplit/sslsplit.crt key=/opt/sslsplit/sslsplitca.key
options=ALL

Thank you.

James

application/pgp-signature attachment: This is a digitally signed message part

Received on Thu Apr 17 2014 - 02:38:25 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 18 2014 - 12:00:06 MDT