Re: [squid-users] SQUID 3.1 + sslBump https interception and decryption

From: Franz Angeli <franz.angeli_at_gmail.com>
Date: Thu, 22 Apr 2010 08:36:08 +0200

> From: Franz Angeli [mailto:franz.angeli_at_gmail.com]
>> I configured one debian box with squid 3.1 (compiling it with ssl
>> support) enabling sslBump feature with a self signed certificate,
>> obviously browser and
>> applications warn about the certificate but all seems to work.
>>
>> Is there a way to use trusted certificate for removing that warning
>> (sorry for this dumb question but some applications doesn't permit
>> certificate exception list like firefox for example)?
>
> If you have the signed certificate for the URL you're developing for,
> then yes, you can use the certificate. For example, if your app is going
> to app.squid-cache.org and you have the signed certificate for
> app.squid-cache.org or *.squid-cache.org, then everything will be happy.
> But, if you're trying to intercept the traffic for a third-party domain,
> no, you can't. The best you can do, is to create your own CA and add the
> public certificate to the browser/application, if it even allows you to.
>

Thank you for the informations

And what about ICAP configuration? Some suggestion?
Received on Thu Apr 22 2010 - 06:36:15 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 22 2010 - 12:00:05 MDT