Re: [squid-users] SSL Bump and dynamic SSL generation

From: Walter H. <walter.h_at_mathemainzel.info>
Date: Mon, 12 May 2014 09:26:19 +0200

Hi,

change from server-first to client-first; and your issue is gone;

Walter

On Mon, May 12, 2014 08:41, Tom Holder wrote:
> Hi Amos,
>
> Thanks for that. Yes I understand the legalities, this isn't to
> 'forge' anything. The users are well aware they're not looking at the
> real sites.
>
> The CA will be installed on their systems and they will have to agree
> to it. The issue is that the browser is complaining that the CN does
> not match because my local web server that represents ANY site has a
> catch all CN. Therefore I'm trying to determine a way to generate the
> correct CN before Squid tries to bump the SSL so that the CN is nearly
> correct.
>
> The certificates I generate don't need to look like the original
> because I'm not trying to trick anyone, they just need not to error in
> the browser.
>
> Thanks,
> Tom
Received on Mon May 12 2014 - 07:26:29 MDT

This archive was generated by hypermail 2.2.0 : Mon May 12 2014 - 12:00:05 MDT