Re: [squid-users] squid SSL

From: kkk kkk <fafafa888_at_gmail.com>
Date: Fri, 24 Jun 2011 04:04:59 -0400

If you want to proxy the HTTPS connection, the only method is to
generate your own SSL certificate. However, your client will see a
warning page on every HTTPS page.

1. Make sure you have OPENSSL installed
2. Generate your own SSL certificate:
   openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout www.sample.com.pem -out www.sample.com.pem
3. Configure your squid setting:
   http_port 3128 intercept
   https_port 39999 intercept cert=/etc/squid/www.sample.com.pem
   (the path to your own certificate)
4. Forward port 80 to 3128 and port 443 to 39999 (You can choose your own ports)
5. Done. Now you should be able to access HTTPS with a warning message
of mismatching SSL certificate.

Inspiration from
http://dvas0004.wordpress.com/2011/03/22/squid-transparent-ssl-interception/
I changed a few things because the original method didn't work for me.
This method works 100% because I just tried it today.

Nick

On Sat, Jun 18, 2011 at 1:23 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 18/06/11 15:32, Ivan Matala wrote:
>>
>> this is what i want to achieve:
>>
>> i have a server and i want all ports to be forwarded to a remote squid
>> proxy.. i want udp and tcp ports starting from 1:65535. is it
>> possible?
>
> No.
>
> Squid is an HTTP proxy. Only HTTP (TCP port 80) traffic is accepted for
> proxy relay or interception.
>
> With difficulty and much user annoyance some people also manage port 443.
> Which is encrypted, but still has HTTP protocol formatting.
>
>>
>> this means, all yahoo messenger traffic, games, skype will be
>> forwarded to squid.
>>
>> thanks
>>
>> On Fri, Jun 17, 2011 at 8:27 AM, Amos Jeffries wrote:
>>>
>>> On 18/06/11 02:33, Ivan Matala wrote:
>>>>
>>>> how can i configure squid SSL?
>>>>
>>>> coz when i go to gmail.com, facebook.com, they require ssl support. i
>>>> got ssl error.
>>>>
>>>> pls help
>>>>
>>>> what should i do?
>>>
>>> You should start by telling us what the error is please.
>>>
>>> Note that HTTPS is by default relayed directly over Squid without being
>>> touched. So the error should be something in your browser or the website
>>> it's contacting.
>>>  The error message will help us point you at what more to look at.
>>>
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.12
>  Beta testers wanted for 3.2.0.8 and 3.1.12.2
>
Received on Fri Jun 24 2011 - 08:05:06 MDT
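
The certificate from step 2 and the https_port line from step 3 can be checked before Squid is restarted. The script below is an added example, not part of the original post or of Squid; its function names and default thresholds (2048-bit minimum, 30 days to expiry) are assumptions, and it expects RSA certificates like the one generated above.

```bash
#!/usr/bin/env bash
# Added example: audit the PEM files that https_port lines in squid.conf point at.
# Function names and default thresholds are assumptions made for this example.

# Print every cert= path found on an https_port line of the given squid.conf.
cert_paths_from_conf() {
    sed -n 's/^[[:space:]]*https_port[[:space:]].*[[:space:]]cert=\([^[:space:]]*\).*/\1/p' "$1"
}

# audit_pem FILE [MIN_BITS] [MIN_DAYS_LEFT]
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_pem() {
    local pem="$1" min_bits="${2:-2048}" min_days="${3:-30}" bits found=0
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "UNREADABLE: no parsable certificate in $pem"
        return 1
    fi
    # Key size as printed in the certificate's public key field.
    bits=$(openssl x509 -in "$pem" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "WEAK_KEY: ${bits:-unknown} bit key, minimum is $min_bits"
        found=1
    fi
    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "EXPIRING: certificate expires within $min_days days"
        found=1
    fi
    # -keyout and -out naming the same file puts the private key beside the certificate.
    if grep -q 'PRIVATE KEY-----' "$pem" &&
       [ -n "$(find "$pem" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "KEY_EXPOSED: private key file is readable by group or others"
        found=1
    fi
    return "$found"
}

# Audit every certificate a config references, e.g. audit_conf /etc/squid/squid.conf
audit_conf() {
    local rc=0 pem
    for pem in $(cert_paths_from_conf "$1"); do
        echo "== $pem"
        audit_pem "$pem" || rc=1
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_conf "$1"; fi
```

Run it with the path to squid.conf as the only argument; a non-zero exit status means at least one referenced certificate produced a finding.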

This archive was generated by hypermail 2.2.0 : Fri Jun 24 2011 - 12:00:03 MDT