[squid-users] Re: squid as forward proxy for portal run on tomcat

From: arielf <arielf_at_il.ibm.com>
Date: Wed, 23 Mar 2011 08:20:32 -0700 (PDT)

Hi Amos

I found the problem and now it works.
Thanks for all your help.
I'm posting this for two reasons:
1. I want to get your feedback on whether the problem is a bug in squid or a problem
in the way I configured it.
2. For other squid users that have tried to forward proxy an https portal
that is run on tomcat and have failed as I have.

Just to recap, I'm using squid as a forward proxy for both http and https
sites, and the decrypted data is relayed to an icap service where I process
the data.
I've configured squid with ssl-bump as shown in the post above and it works for
all sites that I've tried except my own portal that I run on tomcat. The
reason for this was that all sites' SSL CONNECT works via port 443 while
tomcat's default port is 8443. When I changed my tomcat to work via 443 it
started working.

Below is all configuration and preparation: keys/certs squid.conf etc.

squid.conf (only relevant part)
# listen on 3128 and bump (decrypt) CONNECT traffic with squid's own key/cert
http_port 3128 ssl-bump key=squidkey.pem cert=squidcert.pem
# bump every CONNECT request
ssl_bump allow all
# CA file used to verify the certificates of the origin servers squid connects to
sslproxy_cafile /root/security/CA/certs/cacert.pem

From OpenSSL's library, use the script CA.sh; make sure to configure openssl.cnf
and the path in the script to match.
# create the CA (key + cert under CA/)
CA.sh -newca
# export the CA cert in DER form so keytool can import it
openssl x509 -in CA/certs/cacert.pem -inform PEM -out ca.cert -outform DER

Tomcat configuration
# generate the tomcat key pair in a new keystore
keytool -genkey -alias tomcat -keyalg RSA -keystore tomcat.jks
# create a CSR for the tomcat key
keytool -certreq -keyalg RSA -alias tomcat -file tomcat.csr -keystore tomcat.jks
# sign the CSR with the CA
openssl ca -in tomcat.csr -notext -out tomcat.cert
# import the CA cert first, then the signed tomcat cert (replaces the self-signed one)
keytool -import -alias myca -keystore tomcat.jks -file ca.cert
keytool -import -alias tomcat -keystore tomcat.jks -file tomcat.cert

Squid key/cert
# generate squid's key (unencrypted, -nodes) and CSR
openssl req -newkey rsa:1024 -keyout squidkey.pem -keyform PEM -out squidreq.pem -outform PEM -nodes
# sign the CSR with the same CA
openssl ca -in squidreq.pem -notext -out squidcert.pem

Received on Wed Mar 23 2011 - 15:20:36 MDT
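The setup above only works when the CA that signed the Tomcat certificate is the same CA that sslproxy_cafile points at; otherwise Squid's outbound TLS verification of the origin server fails before any bumping happens. The script below is an added example, not code from the post, from Squid or from Tomcat: it builds a throwaway CA, issues a server certificate the way the post's "openssl ca -in tomcat.csr" step does (using "openssl x509 -req" instead, so no openssl.cnf CA setup is needed), and checks whether that certificate chains to a given CA file. It assumes the openssl CLI is installed; WORK, demo-ca, other-ca and tomcat.example are made-up names for this demo.

```shell
#!/bin/sh
# Added example (not part of the original post, Squid or Tomcat).
# Assumptions: openssl CLI available; WORK, demo-ca, other-ca and
# tomcat.example are demo-only names.

WORK="${WORK:-$(mktemp -d)}"

# make_ca NAME: create a self-signed CA key ($WORK/NAME.key) and
# certificate ($WORK/NAME.pem).  This is the role of cacert.pem in the post.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# issue_server_cert HOST CA: generate a key and CSR for HOST, then sign the
# CSR with CA (created by make_ca).  Output: $WORK/HOST.crt
issue_server_cert() {
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
    openssl x509 -req -sha256 -days 30 \
        -in "$WORK/$1.csr" \
        -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" -CAcreateserial \
        -out "$WORK/$1.crt" >/dev/null 2>&1
}

# chain_status CERT CAFILE: print "trusted" if CERT verifies against CAFILE
# (the check Squid performs with sslproxy_cafile when it connects to the
# origin server), otherwise "untrusted".
chain_status() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Demo: demo-ca signs the Tomcat cert; other-ca stands in for a
# sslproxy_cafile that points at the wrong CA.
make_ca demo-ca
make_ca other-ca
issue_server_cert tomcat.example demo-ca
echo "tomcat.example vs demo-ca:  $(chain_status "$WORK/tomcat.example.crt" "$WORK/demo-ca.pem")"
echo "tomcat.example vs other-ca: $(chain_status "$WORK/tomcat.example.crt" "$WORK/other-ca.pem")"
```

With the post's real files the equivalent one-line check is `openssl verify -CAfile /root/security/CA/certs/cacert.pem tomcat.cert`; if that prints anything other than OK, Squid will refuse the origin connection regardless of how the keystore was assembled.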
