[squid-users] 4.9 https isue...unable import certificate in browser

2019-12-10 Thread aw_wolfe
I have squid 4.9 built with https support in which I created a certificate following tutorial. Squid starts, appears to be running fine. http whitelist with user groups working... trying to add https support. copy/paste from example of what I did to create certificate. openssl req -new -newkey rs

Re: [squid-users] 4.9 https isue...unable import certificate in browser

2019-12-10 Thread Matus UHLAR - fantomas
On 10.12.19 05:19, aw_wolfe wrote: I have squid 4.9 built with https support in which I created a certificate following tutorial. Squid starts, appears to be running fine. http whitelist with user groups working... trying to add https support. copy/paste from example of what I did to create cert

Re: [squid-users] 4.9 https isue...unable import certificate in browser

2019-12-10 Thread aw_wolfe
Ok, thank you. As you can tell, I'm kinda fumbling my way through setting this up. Re-creating the certification with the openssl command only fixed the issue. Firefox accepted the certification. I think that I would rather not have to do the install certificate on all the browsers. So if I can

Re: [squid-users] 4.9 https isue...unable import certificate in browser

2019-12-10 Thread Matus UHLAR - fantomas
On 10.12.19 06:14, aw_wolfe wrote: Ok, thank you. As you can tell, I'm kinda fumbling my way through setting this up. Re-creating the certification with the openssl command only fixed the issue. Firefox accepted the certification. I think that I would rather not have to do the install certific

Re: [squid-users] Squid Proxy SSL Bump can not retrieve SSL session back to the client?

2019-12-10 Thread Alex Rousskov
On 12/9/19 12:56 PM, GeorgeShen wrote: > and at the end, it is also saying security_file_certgen crashes rapidly!!! I would ignore anything that happens _after_ you press ^C (i.e. send Squid a shutdown signal). While a shutdown should not "crash" any helpers, that is not the problem you are curre

[squid-users] HTTPS interception proxy having issues

2019-12-10 Thread aashutosh kalyankar
Hi! I am trying to set up a HTTPs intercept proxy but I cannot get it to work. Can someone point me in the right direction? I tried following the tutorial @ https://www.youtube.com/watch?v=Bogdplu_lsE (Transparent HTTP+HTTPS Proxy with Squid and iptables) for squid file. and https://github.com/di

Re: [squid-users] 4.9 https isue...unable import certificate in browser

2019-12-10 Thread Alex Rousskov
On 12/10/19 6:19 AM, aw_wolfe wrote: > I have squid 4.9 built with https support in which I created a certificate > following tutorial. Squid starts, appears to be running fine. http whitelist > with user groups working... trying to add https support. > > copy/paste from example of what I did to c

Re: [squid-users] one site not working

2019-12-10 Thread simon ben
Dear Amos, Thanks for the quick reply. Yes, it's an old version as I use to install using yum. I will upgrade as you said and check it out. Thanks once again. Regards, simon On Tuesday, December 10, 2019, 10:57:47 AM GMT+3, Amos Jeffries wrote: On 10/12/19 5:52 am, simon ben wrote: > Dear A

[squid-users] Sibling peer cache not working, ver 3.5.27

2019-12-10 Thread leonyuuu
Hi, I got some problems in working with squid when writing a network experiment that involves squid-proxy. The topology looks something like this: The basic idea of the topology is that two squid proxies were se

Re: [squid-users] Sibling peer cache not working, ver 3.5.27

2019-12-10 Thread leonyuuu
Sent the unfinished mail accidentally. The body of the mail now is updated from the original one.

Re: [squid-users] Squid Proxy SSL Bump can not retrieve SSL session back to the client?

2019-12-10 Thread GeorgeShen
I'm running the squid latest from download site. 4.9 Ok, i suspect that was related to my ^C running the process in foreground, but I also see before that there are warning messages in the log: 2019/12/09 19:23:12.116 kid1| WARNING: /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid

[squid-users] Is there a scalable way in SSL-Bump forwarding client's certificate to server?

2019-12-10 Thread GeorgeShen
Hi, I've seen some post saying there is a way to configure the squid proxy to get the client certificate. But to be scalable (assume it has many https clients) I'm wondering if the proxy can ask for the client certificate and modify that certificate in negotiating the session with the server; just li

Re: [squid-users] Is there a scalable way in SSL-Bump forwarding client's certificate to server?

2019-12-10 Thread Alex Rousskov
On 12/10/19 10:08 PM, GeorgeShen wrote: > I've seen some post saying there is a way to configure the squid proxy to > get the client certificate. Yes, look for "client certificate" in your squid.conf.documented. > But to be scalable (assume it has many https clients) If you are implying that

Re: [squid-users] Sibling peer cache not working, ver 3.5.27

2019-12-10 Thread leonyuuu
For cache digest requests between two interception squid proxies, it will actually display "forward loop detection" in the cache.log and the last Via host for that query(cache-digest-db) is itself. So is it also the root cause why the cache-miss forwarding between two proxies is not working? Since

Re: [squid-users] Is there a scalable way in SSL-Bump forwarding client's certificate to server?

2019-12-10 Thread GeorgeShen
> Yes, look for "client certificate" in your squid.conf.documented. Ok. For the 'clientca=' and 'tls-cafile=', is the purpose for proxy to verify the client cert against this list before allowing the connection to go further? Or can it use those client certificates also for other things? Also the RFC TL

[squid-users] A patch for intercepted/WCCP HTTPS and 409 errors

2019-12-10 Thread Scott
Hi, I understand that squid does some security checking that the SNI of an intercepted/WCCP HTTPS request matches the reverse DNS of the IP of the connection. Or something like that. However with the prevalence of CDNs and badly configured DNSs and geographic DNSs, this breaks lots of connec