15.11.2016 20:22, Sergio Belkin wrote:
> Hi,
>
> When using something like that:
>
> http_port 8080 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/home/proxy/ssl_cert/example.com.cert
> key=/home/proxy/ssl_cert/example.com.private
>
>
> Is it possible to use a certificate generated by a trusted CA?
No.

In theory, if you can force a trusted CA to issue a subordinate
intermediate CA personally to you - yes, it is possible. But forcing a
trusted CA to issue a subordinate CA personally to you is not possible due
to the trusted CA's CPS. To do this you should be a trusted CA yourself. I.e.:
pass an audit, have a PKI infrastructure, have much money and blah-blah-blah.

So, you can't do SSL bump without user notification.
>
>
> Thanks in advance!
> -- 
> --
> Sergio Belkin
> LPIC-2 Certified - http://www.lpi.org
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-- 
Cats - delicious. You just do not know how to cook them.
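
The distinction behind the answer above, as an added example that is not part of the original message: host certificates produced by generate-host-certificates are accepted by clients only if the certificate they are signed with asserts basicConstraints CA:TRUE, which a certificate issued by a CA for a host name does not. The script builds a constructed throwaway CA and host certificate with openssl and checks both; the function names, subjects and file names are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. Subjects and file names are constructed for the demo.

# Return 0 if the PEM certificate in $1 asserts basicConstraints CA:TRUE.
is_signing_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'X509v3 Basic Constraints' \
        | grep -q 'CA:TRUE'
}

# Create a throwaway CA and a host certificate signed by it in directory $1.
make_demo_certs() {
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
EOF
    # Locally generated CA: the kind of certificate ssl-bump can sign with.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/demo.cnf" -extensions v3_ca -subj "/CN=Demo Proxy CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # End-entity certificate, as a CA issues for a single host name.
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/demo.cnf" -subj "/CN=www.example.com" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/demo.cnf" -extensions v3_leaf \
        -out "$dir/leaf.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_certs "$demo_dir"
for name in ca leaf; do
    if is_signing_ca "$demo_dir/$name.pem"; then
        echo "$name.pem: CA:TRUE, can sign generated host certificates"
    else
        echo "$name.pem: not a CA, clients will reject certificates it signs"
    fi
done
```

Running `is_signing_ca` against the file named in `cert=` before deploying shows which of the two cases a given certificate falls into.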
