Hi,
I need to set-up a forward proxy using relayd with ssl.
My /etc/relayd.conf:
prefork 1
http protocol httpfilter {
       return error
       pass
       match label "Prohibited!"
       block url "social.network.example.com/"
       # New configuration directives for SSL Interception
       ssl ca key "/etc/ssl/private/ca.key" password "zdapi321"
       ssl ca cert "/etc/ssl/ca.crt"
}
relay sslinspect {
       listen on 127.0.0.1 port 3128 ssl
       protocol httpfilter
       forward with ssl to destination
}
The password is correct (btw, wouldn't be useful a password-less option?).
And in my /etc/pf.conf I have:
# Divert incoming HTTPS traffic to relayd
pass in on $ext_if inet proto tcp to port 443 divert-to localhost port 3128
Certificate and key were generated using command (with above password):
$ sudo openssl req -x509 -days 365 -newkey rsa:2048 -keyout
/etc/ssl/private/ca.key -out /etc/ssl/ca.crt
however when executing :
$ sudo /usr/sbin/relayd -vv -d -f /etc/relayd.conf
startup
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/ca.crt
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/ca.key
/etc/relayd.conf:39: cannot load certificates for relay sslinspect
no actions, nothing to do
hce exiting, pid 26488
ca exiting, pid 30372
pfe exiting, pid 11774
relay exiting, pid 12430
System: 5.6/amd64
Why the certificate cannot be loaded?
Thanks,
/Bogdan
