Re: [squid-users] SSL Bump and dynamic SSL generation

From: Tom Holder <tom_at_simpleweb.co.uk>
Date: Sun, 11 May 2014 22:42:59 +0100

Thanks for your help, Walter. The problem, which I wasn't too clear
about, is that site1.com was just an example. It could be any site that I
don't previously know the address for.

Therefore, the only thing I can think of is to dynamically generate a
self-signed cert.

Thanks
Tom

On Sun, May 11, 2014 at 8:53 PM, Walter H. <Walter.H_at_mathemainzel.info> wrote:
> On 11.05.2014 18:24, Tom Holder wrote:
>>
>> Hi,
>>
>> I've configured Squid 3 with SSL bump and dynamic SSL generation and
>> it works really well when I use it for just browsing the Internet.
>>
>> My problem is I'm trying to 'mimic' a live web site and the server
>> Squid is on does not have access to the live Internet.
>>
>> E.g. site1.com doesn't actually go to site1.com on the live Internet;
>> I'm redirecting it to a local version of site1.com.
>>
>> The problem is dynamic SSL generation and SSL Bump require connecting
>> to the real site1.com to grab the certificate. When it tries to
>> connect to my local site1.com there is just a generic SSL cert I've
>> generated with the wrong common name and this causes the browser to
>> throw an SSL error.
>
> you'd have the same problem, without Squid, because then the browser would
> try to connect with your fake site1.com;
>
> install on this site1.com website a cert with correct CN, and everything
> works fine;
>

-- 
Tom Holder
Systems Architect
www.Simpleweb.co.uk
Tel: 0117 922 0448
Simpleweb Ltd.
Unit G, Albion Dockside Building, Hanover Place, Bristol, BS1 6UT
Simpleweb Ltd. is registered in England.
Registration no: 5929003 : V.A.T. registration no: 891600913
Received on Sun May 11 2014 - 21:43:06 MDT
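
Added example, not part of the original thread and not Squid's own code: one way to give an offline stand-in server a certificate with the correct name for any host, by issuing it on demand from a throwaway lab CA that only the test browser trusts. It assumes OpenSSL 1.1.1 or later on PATH; the function names and file layout are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL 1.1.1+ on PATH.
# Function names and file layout are hypothetical.

# make_lab_ca DIR: create a throwaway CA; import DIR/ca.crt into the test browser only.
make_lab_ca() {
  mkdir -p "$1" || return 1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=v3_ca' \
    '[dn]' 'CN=Lab Test CA' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign' \
    > "$1/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_host_cert DIR HOST: issue DIR/HOST.crt with CN and subjectAltName set to HOST.
issue_host_cert() {
  dir=$1 host=$2
  # Refuse anything that is not a plain DNS name, so HOST cannot inject config lines.
  case $host in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' "CN=$host" \
    '[ext]' "subjectAltName=DNS:$host" 'basicConstraints=CA:FALSE' \
    'extendedKeyUsage=serverAuth' > "$dir/$host.cnf"
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/$host.cnf" \
    -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/$host.csr" -sha256 -days 7 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/$host.cnf" -extensions ext -out "$dir/$host.crt" 2>/dev/null
}

# cert_valid_for DIR HOST NAME: succeed only if DIR/HOST.crt chains to the lab CA
# and is valid for NAME, the check a browser performs before showing the page.
cert_valid_for() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" >/dev/null 2>&1
}

# Usage (site1.com is the example name used in the thread):
#   make_lab_ca /tmp/lab && issue_host_cert /tmp/lab site1.com
#   cert_valid_for /tmp/lab site1.com site1.com   # exit status 0
```

The same check fails for any other name, which is the mismatch the browser reports when the local server presents a generic certificate.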

This archive was generated by hypermail 2.2.0 : Mon May 12 2014 - 12:00:05 MDT