Dear all,
I have enabled my proxy for transparent SSL Mitm proxying. Traffic for
destination tcp 443 is DNAT'ed to localhost:8443 through iptables.
This part is working. I am able to browse the internet sites. For each
SSL site, for once, browser gives a warning of Mitm. It should, of
course.
However I want to learn the way to remove any warning by through
manually adding a certificate to Trusted Key Store of Internet
Explorer or Firefox.
Squid conf param:
https_port 8443 cert=/etc/squid/certs/sslfilter.crt
key=/etc/squid/certs/sslfilter.key protocol=https accel vhost
defaultsite=google.com
The way I have created the certificate and key:
openssl genrsa -rand
/proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime
1024 > /etc/squid/certs/sslfilter.key
cat << EOF | openssl req -new -key /etc/squid/certs/sslfilter.key
-x509 -days 1825 -out /etc/squid/certs/sslfilter.crt
TR
ANK
Ankara
Info
Customer IT
SSL Filtering Proxy
support_at_domain
EOF
Regards,
-- Oguz YILMAZReceived on Tue Dec 14 2010 - 08:32:17 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 15 2010 - 12:00:02 MST