SSL Bump with valid CA


SSL Bump with valid CA

afranoux

Hello,

I’m a student in a computer lab and I finished a Squid 3.5.19 with SSL-bump with a self-signed certificate in intercept mode (works well).

Now I need to try to configure Squid with a non-self-signed certificate.

My approach:

openssl genrsa 2048 > redrocks.key
openssl req -new -key redrocks.key > redrocks.csr

After a visit to StartSSL, in “Client S/MIME and Authentication Certificate”, I received the crt.

openssl pkcs12 -export -in redrocks.crt -inkey redrocks.key -out redrocks.p12
openssl pkcs12 -in redrocks.p12 -nodes -out redrocks.pem

squid.conf:

http_port 3128 intercept
https_port 3129 intercept ssl-bump \
                generate-host-certificates=on \
                dynamic_cert_mem_cache_size=4MB \
                cert=/etc/squid/ssl_cert/redrocks.pem \
                key=/etc/squid/ssl_cert/redrocks.pem

Looking forward to your reply,

Cordially

Arnaud


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: SSL Bump with valid CA

Alex Crow



>
> Now I need to try to configure Squid with a non-self-signed certificate
>

This is impossible, as you don't have access to the CA's signing key,
for very good reason (you could create certs for any site in the world
and it would be trusted by any browser that trusts StartSSL's CA).

You can ask them for it and see what they say, but be prepared for a
rude response!

Cheers

Alex
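
Added example (not part of either post): the reply's point reproduced with a throwaway local root standing in for a public CA. An end-entity certificate (CA:FALSE) can be made to sign a per-host certificate, but the resulting chain fails verification. Assumes OpenSSL 1.1.1 or later; every name, key and certificate is constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: every key and certificate below is generated locally (constructed data).

# Return 0 if the PEM certificate carries basicConstraints CA:TRUE.
is_ca_cert() { openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; }

# Return 0 if the given certificate (plus any -untrusted chain) verifies against ca.crt.
chain_ok() { openssl verify -CAfile ca.crt "$@" 2>/dev/null | grep -q ': OK$'; }

leaf_signing_demo() {
  local dir; dir=$(mktemp -d) || return 2
  (
    cd "$dir" || exit 2
    cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
EOF
    # Stand-in for the public CA: a local root whose key we hold only for this demo.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config demo.cnf \
      -extensions ca_ext -subj "/CN=Demo Root CA" -keyout ca.key -out ca.crt 2>/dev/null
    # End-entity certificate, as a CA issues it to a customer who sent a CSR.
    openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
      -subj "/CN=redrocks.example" -keyout leaf.key -out leaf.csr 2>/dev/null
    openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 1 -extfile demo.cnf -extensions leaf_ext -out leaf.crt 2>/dev/null
    # What a bumping proxy would do with it: sign a per-host certificate with the leaf key.
    openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
      -subj "/CN=www.example.org" -keyout site.key -out site.csr 2>/dev/null
    openssl x509 -req -in site.csr -CA leaf.crt -CAkey leaf.key -CAcreateserial \
      -days 1 -out site.crt 2>/dev/null
    is_ca_cert ca.crt   && echo "root_is_ca=yes" || echo "root_is_ca=no"
    is_ca_cert leaf.crt && echo "leaf_is_ca=yes" || echo "leaf_is_ca=no"
    chain_ok leaf.crt   && echo "leaf_chain=ok"  || echo "leaf_chain=fail"
    chain_ok -untrusted leaf.crt site.crt && echo "bumped_chain=ok" || echo "bumped_chain=fail"
  )
  rm -rf "$dir"
}

leaf_signing_demo
```

Running `is_ca_cert` on the file named in `cert=` before starting Squid shows whether that certificate can act as a signing certificate at all.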

