Hi to all. I keep trying to get HTTPS inspection working. I think I'm close to getting it done. This is my current configuration for ssl-bump.

    # Squid listen Port
    http_port 192.168.1.215:3128
    https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem
    #always_direct allow all
    ssl_bump server-first all
    #sslproxy_cert_error deny all
    #sslproxy_flags DONT_VERIFY_PEER
    sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
    sslcrtd_children 8 startup=1 idle=1

*I'm having this error in Firefox.*

*When I try google.com:*

    The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
    This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

*Or yahoo.com:*

    https://search.yahoo.com/yhs/search?p=X.509+version+1+certificates+are+deprecated&ei=UTF-8&hspart=mozilla&hsimp=yhs-005

    An X.509 version 1 certificate that is not a trust anchor was used to issue the server's certificate. X.509 version 1 certificates are deprecated and should not be used to sign other certificates.
    HTTP Strict Transport Security: true
    HTTP Public Key Pinning: false
    MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA

When I create the self-signed certificate, I do it like this:

    openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem

So what can I change to avoid the problem? Thanks to all!
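The Firefox error quoted in the message above (MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA) is about the X.509 version of the certificate that signs the generated host certificates. As an added example, not part of the original post and not Squid or OpenSSL code, this Python sketch reads the version number and the basicConstraints cA flag from a certificate; the function names are hypothetical and the two sample certificates are unsigned skeletons constructed for the demonstration.

```python
# Added illustration: function names are hypothetical, sample data is constructed.
import base64, re
BASIC_CONSTRAINTS = bytes([0x55, 0x1D, 0x13])  # OID 2.5.29.19

def tlv(tag, body=b""):
    """Encode a DER element (short-form length only; builds the samples)."""
    return bytes([tag, len(body)]) + body

def children(buf):
    """Yield (tag, content) for each DER element in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: low bits give the byte count
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def ca_profile(der):
    """Return (X.509 version, basicConstraints cA flag) for a DER certificate."""
    _, cert = next(children(der))
    _, tbs = next(children(cert))
    version, is_ca = 1, False  # an absent [0] version field means v1
    for tag, body in children(tbs):
        if tag == 0xA0:  # [0] EXPLICIT version: 0=v1, 1=v2, 2=v3
            version = next(children(body))[1][-1] + 1
        elif tag == 0xA3:  # [3] EXPLICIT extensions, present in v3 only
            _, exts = next(children(body))
            for _, ext in children(exts):
                parts = list(children(ext))
                if parts[0][1] == BASIC_CONSTRAINTS:
                    _, bc = next(children(parts[-1][1]))  # OCTET STRING -> SEQUENCE
                    is_ca = any(t == 0x01 and v != b"\x00" for t, v in children(bc))
    return version, is_ca

def pem_cert_to_der(text):
    """Decode the first CERTIFICATE block; a key in the same file is skipped."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", text, re.S)
    return base64.b64decode(m.group(1))

def skeleton(v3):
    """Constructed sample: unsigned certificate skeleton with empty name/key fields."""
    fields = [tlv(0x02, b"\x01")] + [tlv(0x30)] * 5  # serial, then five empty SEQUENCEs
    if v3:
        ext = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS) + tlv(0x01, b"\xff")
                  + tlv(0x04, tlv(0x30, tlv(0x01, b"\xff"))))  # critical, cA=TRUE
        fields = [tlv(0xA0, tlv(0x02, b"\x02"))] + fields + [tlv(0xA3, tlv(0x30, ext))]
    return tlv(0x30, tlv(0x30, b"".join(fields)) + tlv(0x30) + tlv(0x03, b"\x00"))
```

To check a real file such as the combined key-and-certificate PEM from the post, call ca_profile(pem_cert_to_der(open(path).read())); a result of (1, False) is the version 1 case the Firefox message describes.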