On 27.09.2012 16:48, Muhammad Panji wrote:
> Dear All,
> I'm trying to implement SSL Bump to block consumer Gmail while
> allowing corporate Google Apps. I found some threads in the archive about
> this topic.
>
> I already set up SSL Bump and I think it's working, because when I open
> mail.google.com it already warns about a certificate error, but when I try
> to add an exception the browser says the certificate is OK because I'm
> trying to add the certificate from mail.google.com.
Strange. But not related to ssl-bump specifically.
What you should have done is add your custom CA "root" certificate to
the client system so that it trusts any certificate generated using that
CA cert - including the ssl-bump one(s).
DO NOT add trust for the individual bumped certificate(s) to clients.
>
> According to the manual from Google, I should create a certificate for
> mail.company.com, rewrite the URL to mail.google.com/a/company.com
> and do SSL termination on the proxy. When I try to use
> redirect_program, Squid crashes. Error in the log:
>
> Sep 26 19:39:39 localhost (squid): The redirector helpers are crashing too rapidly, need help!
>
> My redirector script :
>
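> ----
> $|=1;    # unbuffered output so Squid receives each reply immediately
> while (<>) {
>     chomp;
>     @X = split;    # the script treats $X[0] as the channel ID and $X[1] as the URL
>     $url = $X[1];
>     if ($url =~ /^https:\/\/mail\.ssp\.hermisconsulting\.com/) {
>         # the reply must be a single line: ID, space, rewritten URL
>         print $X[0]." https://mail.google.com/a/ssp.hermisconsulting.com/\n";
>     } else {
>         print $X[0]." \n";    # no rewrite
>     }
> }
>
> ------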
>
> What did I miss here, about the redirector and SSL bump itself? Please
> advise. Thank you in advance.
There is no relation between the two. That advice was how to do it
*without* ssl-bump. Such that clients connect to
https://mail.ssp.hermisconsulting.com/ and the proxy does all
mail.google.com communications without informing the client that
mail.google.com is involved.
Amos
Received on Mon Oct 01 2012 - 00:57:15 MDT
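
Added example, not part of the original thread or of Squid itself: a URL rewrite helper for the mapping in the quoted script, written in Python rather than Perl. It assumes Squid's helper line format (`URL ip/fqdn ident method`, with a leading numeric channel ID when helper concurrency is enabled) and, as an added hardening, compares the parsed hostname exactly instead of using a prefix regex.

```python
#!/usr/bin/env python3
"""URL rewrite helper for Squid (added example, not from the thread)."""
import sys
from urllib.parse import urlsplit

# Host and target are taken from the script quoted in the thread.
CORP_HOST = "mail.ssp.hermisconsulting.com"
TARGET_URL = "https://mail.google.com/a/ssp.hermisconsulting.com/"


def is_corporate_mail(url):
    """Exact scheme and host match. A prefix regex on the URL would also
    match a look-alike such as mail.ssp.hermisconsulting.com.example.net."""
    try:
        parts = urlsplit(url)
        return parts.scheme == "https" and parts.hostname == CORP_HOST
    except ValueError:  # malformed URL: never rewrite it
        return False


def rewrite_line(line):
    """Return the reply for one request line, without the trailing newline.

    Accepts 'URL ip/fqdn ident method' and 'ID URL ip/fqdn ident method'.
    An empty URL in the reply leaves the request unchanged.
    """
    fields = line.split()
    if not fields:
        return ""  # empty line: answer "no change" instead of crashing
    channel = ""
    if fields[0].isdigit():  # leading all-digit token = channel ID
        channel = fields.pop(0) + " "
    url = fields[0] if fields else ""
    return channel + (TARGET_URL if is_corporate_mail(url) else "")


def main():
    # One reply line per request line, flushed at once so Squid never
    # waits on a buffered answer.
    for line in sys.stdin:
        sys.stdout.write(rewrite_line(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```
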