Re: [squid-users] SSL Bump and dynamic SSL generation

From: Walter H. <Walter.H_at_mathemainzel.info>
Date: Sun, 11 May 2014 21:53:16 +0200

On 11.05.2014 18:24, Tom Holder wrote:
> Hi,
>
> I've configured Squid 3 with SSL bump and dynamic SSL generation and
> it works really well when I use it for just browsing the Internet.
>
> My problem is I'm trying to 'mimic' a live web site and the server
> Squid is on does not have access to the live Internet.
>
> E.g. site1.com doesn't actually go to site1.com on the live Internet
> I'm redirecting it to a local version of site1.com
>
> The problem is dynamic SSL generation and SSL Bump requires connecting
> to the real site1.com to grab the certificate. When it tries to
> connect to my local site1.com there is just a generic SSL I've
> generated with the wrong common name and this causes the browser to
> throw an SSL error.
You'd have the same problem without Squid, because then the browser
would try to connect to your fake site1.com;

install a cert with the correct CN on this site1.com website, and
everything works fine.

Received on Sun May 11 2014 - 19:53:29 MDT
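
The fix suggested in the reply, as an added example that is not part of the original mail: issue a certificate whose name is site1.com for the local mirror from a private test CA, then check it against that hostname next to a "generic" certificate with the wrong name. The CA name, file layout, function names and the host generic.invalid are assumptions made for the example; it needs the openssl CLI, and whatever connects to the mirror has to trust ca.crt.

```shell
#!/bin/sh
# Added example; all names and paths are constructed for illustration.

# make_ca DIR: throwaway CA key plus self-signed CA certificate.
make_ca() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        'x509_extensions = v3_ca' '[dn]' 'CN = Local Test CA' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$1/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR HOST: key, CSR and CA-signed certificate for HOST.
# HOST goes into both the CN and subjectAltName, since clients that
# find a SAN in the certificate ignore the CN.
issue_cert() {
    printf 'subjectAltName = DNS:%s\n' "$2" > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# cert_matches DIR CERTFILE HOST: succeeds only if CERTFILE chains to the
# test CA and is valid for HOST, the same check a TLS client performs.
cert_matches() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$2" 2>&1 |
        grep -q ': OK$'
}

# Demo: the correctly named cert is accepted as site1.com, the generic one is not.
d=$(mktemp -d) && make_ca "$d" &&
    issue_cert "$d" site1.com && issue_cert "$d" generic.invalid
for c in site1.com generic.invalid; do
    if cert_matches "$d" "$d/$c.crt" site1.com; then r=accepted; else r=rejected; fi
    echo "cert issued for $c, checked as site1.com: $r"
done
rm -rf "$d"
```

The files to install on the local web server are site1.com.crt and site1.com.key.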
