Re: [squid-users] HTTPS traffic in normal transparent proxy

From: Henrik Nordstrom <henrik_at_henriknordstrom.net>
Date: Wed, 15 Oct 2008 11:12:01 +0200

On ons, 2008-10-15 at 03:01 -0400, viveksnv_at_aol.in wrote:

> I need to handle the HTTPS request (443) in squid transparent proxy.

Ouch. You are aware that this is not possible without acting as a
man-in-the-middle, sending invalid certificates to the browsers? And
that the users no longer will be able to verify the contacted server's
certificate?

> I am using squid 3.0.
>
> http_port 3128 transparent
>
> https_port 3129.

https_port needs a certificate specified.

> Forward the 80 port request to 3128 and 443 port to 3129.

Ok.

> In debugging mode, squid is ready to handle the HTTPS requests. But not
> working. (Error: takes a long time and times out)
>
> And also I tried with
>
> https_port 0.0.0.0:3129 cert=/usr/local/squid/CA/servercert.pem
> key=/usr/local/squid/CA/serverkey.pem

You also need to enable transparent interception (transparent option),
just as you did for http_port. If not, Squid assumes it's a normal proxy
port.

Regards
Henrik

Received on Wed Oct 15 2008 - 09:12:16 MDT
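
The two omissions pointed out in the reply above (an https_port without cert=, and an intercepting port without the transparent option) can be checked mechanically. The following is an added example, not part of the original message or of Squid; the function name check_ports, the REDIRECT_TARGETS set and the sample configurations are assumptions constructed from the lines quoted in the thread.

```python
# Added example (not from the thread): lint squid.conf port directives for
# the two omissions the reply points out.

def check_ports(conf_text, intercepted_ports):
    """Return (line_number, message) findings for http_port/https_port lines.

    intercepted_ports: port strings the firewall redirects traffic to
    (an input assumed for this example).
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tokens or tokens[0] not in ("http_port", "https_port"):
            continue
        directive, args = tokens[0], tokens[1:]
        if not args:
            findings.append((lineno, directive + ": no port given"))
            continue
        port = args[0].rsplit(":", 1)[-1]          # "0.0.0.0:3129" -> "3129"
        options = args[1:]
        flags = {o for o in options if "=" not in o}
        keyed = dict(o.split("=", 1) for o in options if "=" in o)
        if directive == "https_port" and not keyed.get("cert"):
            findings.append((lineno, "https_port %s: no cert= specified" % port))
        if port in intercepted_ports and "transparent" not in flags:
            findings.append((lineno, "%s %s: receives redirected traffic but lacks "
                             "'transparent', so Squid treats it as a normal proxy port"
                             % (directive, port)))
    return findings

# Constructed samples based on the configurations quoted in the thread.
CERT = "cert=/usr/local/squid/CA/servercert.pem key=/usr/local/squid/CA/serverkey.pem"
FIRST_ATTEMPT = "http_port 3128 transparent\nhttps_port 3129\n"
SECOND_ATTEMPT = "http_port 3128 transparent\nhttps_port 0.0.0.0:3129 " + CERT + "\n"
CORRECTED = "http_port 3128 transparent\nhttps_port 0.0.0.0:3129 transparent " + CERT + "\n"
REDIRECT_TARGETS = {"3128", "3129"}   # 80 -> 3128, 443 -> 3129, as in the thread

if __name__ == "__main__":
    for name, conf in [("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT),
                       ("corrected", CORRECTED)]:
        print(name, check_ports(conf, REDIRECT_TARGETS))
```

A clean result only means the port directives are complete; browsers will still see a certificate they cannot verify against the contacted server, as the reply notes.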
