Márcio Luciano Donada wrote:
> Guy Helmer wrote:
>
>>> I am also running tests with sslBump, but redirecting https
>>> connections to squid in the firewall (iptables). I am using the
>>> following in squid.conf:
>>>
>>> http_port 3128 transparent sslBump cert=/etc/squid3/ssl/cacert.pem key=/etc/squid3/ssl/privkey.pem
>>>
>>> Even directing the browser to the https proxy server's IP is not working.
>>> Any ideas? I am using version 3.HEAD-CVS.
>>>
>> It is not possible to transparently proxy HTTPS through the http_port
>> because the connection starts as SSL, not plaintext HTTP that the
>> http_port expects.
>>
>> You would need an https_port command, like:
>>
>> https_port 3129 transparent sslBump cert=... key=...
>>
>> and then set your iptables configuration to forward port 443 packets to
>> squid's 3129 port for transparent HTTPS proxying.
>>
>> Hope this helps,
>> Guy
>>
>
Thank you for your reply, Guy. I think I'm now on the right track, but I had a
problem, and the log (cache.log) shows the following error:

    Ignoring https_port 0.0.0.0:3129 initialization failure due to SSL

My squid.conf configuration is:

    https_port 3129 transparent sslBump cert=/etc/squid3/ssl/cacert.pem key=/etc/squid3/ssl/privkey.pem

Key generation:

    openssl genrsa -des3 -out privkey.pem 2048
    openssl req -new -x509 -nodes -key privkey.pem -out cacert.pem -days 3650

Any ideas?
--
Márcio Luciano Donada <mdonada at auroraalimentos dot com dot br>
Aurora Alimentos - Cooperativa Central Oeste Catarinense
Departamento de T.I.

Received on Fri Aug 15 2008 - 16:15:19 MDT
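
A pre-flight check for the key file named by an https_port line like the one in this message, added here as an example and not part of the original thread. `openssl genrsa -des3` writes a passphrase-protected key, and the script reports whether each referenced key is encrypted; whether that is the cause of the cache.log error above is not established on this page, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Usage: sh check_keys.sh /path/to/squid.conf

# Print the key= path of every https_port line in a squid.conf-style file.
https_port_keys() {
    sed -n 's/^[[:space:]]*https_port[[:space:]].*[[:space:]]key=\([^[:space:]]*\).*/\1/p' "$1"
}

# Classify a PEM private key by its armor lines, without decoding it.
# Prints: encrypted-pkcs8 | encrypted-traditional | plain | not-a-key
pem_key_state() {
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo encrypted-pkcs8            # PKCS#8 key protected by a passphrase
    elif grep -q '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
            echo encrypted-traditional  # traditional PEM, as older "genrsa -des3" writes
        else
            echo plain                  # loadable without a passphrase prompt
        fi
    else
        echo not-a-key                  # missing file, certificate, or other content
    fi
}

# Report the state of each key referenced by https_port lines.
# Returns 1 if any referenced key is not a plain (unencrypted) private key.
check_conf() {
    rc=0
    for k in $(https_port_keys "$1"); do
        state=$(pem_key_state "$k")
        echo "$k: $state"
        [ "$state" = plain ] || rc=1
    done
    return $rc
}

if [ "$#" -gt 0 ]; then
    check_conf "$1"
fi
```

A key reported as encrypted can only be loaded by a process that is given the passphrase.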
This archive was generated by hypermail 2.2.0 : Sat Aug 16 2008 - 12:00:03 MDT