Re: [squid-users] Install Godaddy certificate on squid to use ssl-bumping functionality

From: Antoine Klein <klein.anto_at_gmail.com>
Date: Wed, 28 May 2014 10:55:04 -0400

I am sending my post again because I'm not sure it was sent...

Ok thanks all !

I'm not in control of the clients, so that's the real problem: I can't
install a certificate on their smartphones ^^.

So according to you, if I create a CA with openssl, create a
certificate signing request (.csr) with a private key, and send
my CSR to a trusted authority to sign it, I could use it in squid
without problem, and then clients wouldn't get any warning?
I would like to be sure to avoid every problem.

2014-05-28 2:47 GMT-04:00 Alex Crow <alex_at_nanogherkin.com>:
>
> On 28/05/14 03:43, Amos Jeffries wrote:
>>
>> On 28/05/2014 8:19 a.m., Antoine Klein wrote:
>>>
>>> I want to bump ssl connections, but without producing a warning of course.
>>>
>>> I read that it is possible to generate a certification request with a
>>> key and send this file to an authority to sign it; do you know about that?
>>
>> Having your cert signed by a widely trusted certificate authority is one
>> thing, and the basis of how TLS/SSL works.
>>
>> SSL-bump cannot be used with that type of key for the reasons Alex
>> already mentioned. He also mentioned the steps you have to take instead
>> to get it going.
>>
>> Amos
>>
>
> Hi Antoine,
>
> You need to be a CA, i.e. have the CA private key, to be able to do this. If
> you are in control of the clients and know how to use OpenSSL to create a CA,
> you can do this without paying any money to anyone. You simply create the CA
> and use it and its private key in your ssl-bump configuration.
>
> http_port 3128 sslBump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl_cert/proxy.pem
>
> proxy.pem is your private key and CA certificate concatenated.
>
> sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB
>
> The above line configures the crtd helpers that actually generate the certs
> for the requests, see http://wiki.squid-cache.org/Features/DynamicSslCert
>
> Cheers
>
> Alex

-- 
Antoine KLEIN
Received on Wed May 28 2014 - 14:55:13 MDT