Re: [squid-users] Intercept HTTPS with dynamic certificate for clients

From: Emmanuel LAZARO - S.IM.KO. <em.lazaro_at_simko.fr>
Date: Mon, 24 Mar 2014 12:29:17 -0300

Hi again,

In addition i can say this problem (sec_error_unknown_issuer) appears when i am using a "real" certificate from verisign who is well known by the web browser.

I readed here : http://squid-web-proxy-cache.1019090.n4.nabble.com/Need-help-on-SSL-bump-and-certificate-chain-td4659421.html

That i can't do what i want with a signed certificate from a known authority.

So i try using a self signed certificate but it doesn't work with the error : sec_error_untrusted_issuer

Le 24 mars 2014 à 11:48, Emmanuel LAZARO - S.IM.KO. <em.lazaro_at_simko.fr> a écrit :

> Hi all,
>
> I get on the web browsers : Code d'erreur : sec_error_unknown_issuer
>
> Can someone help me ?
>
>
> Le 19 mars 2014 à 08:53, Emmanuel LAZARO - S.IM.KO. <em.lazaro_at_simko.fr> a écrit :
>
>> Hi all,
>>
>> I am using Squid 3.4.4 on debian wheezy compiling the sources.
>>
>> I am trying to configure squid as a transparent proxy using :
>>
>> https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/CertifSignature/SquidServeurVeriSign.pem key=/etc/squid3/CertifSignature/Squid.key
>>
>> The SquidServeurVeriSign.pem have been signed by verisign.
>>
>> How can i avoid the alerts on firefox or safari (i am in a mac osx environment) because the alerts are spoting on every https pages :
>>
>> "Connexion not certified
>>
>> You asked firefox to connect... we can't confirm the connexion is secured...website identity can't be verified."
>>
>> Sry for the translation...
>>
>> Can someone help me ?
>>
>> NB : I imported the root certificate in my firefox.
>> ------
>>
>> LAZARO Emmanuel
>
Received on Mon Mar 24 2014 - 15:29:27 MDT

This archive was generated by hypermail 2.2.0 : Wed Mar 26 2014 - 12:00:05 MDT