hey eliezer, thanks for quick response i am actually using following,
acl DiscoverSNIHost at_step SslBump1 acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump" ssl_bump splice NoSSLIntercept ssl_bump peek DiscoverSNIHost ssl_bump bump all contents of url.nobump file are, update\.microsoft\.com$ update\.microsoft\.com\.akadns\.net$ v10\.vortex\-win\.data\.microsoft.com$ settings\-win\.data\.microsoft\.com$ # The next are trusted SKYPE addresses a\.config\.skype\.com$ pipe\.skype\.com$ w[0-9]+\.web\.whatsapp\.com$ tty\.scaleway\.com$ eaadhaar\.uidai\.gov\.in$ facebook\.com$ opera\.com$ itunes\.apple\.com$ Do i need to do anything additional? or are you suggesting i remove bumping completely and just use splice feature only. On Thu, Feb 9, 2017 at 3:52 PM, Eliezer Croitoru <elie...@ngtech.co.il> wrote: > Thanks for sharing the details. > > But you didn’t answered if you tried slice with ssl bump. > > Let me know if you have tried it. > > > > Eliezer > > > > ---- > > Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > > *From:* hardikdan...@gmail.com [mailto:hardikdan...@gmail.com] *On Behalf > Of *Hardik Dangar > *Sent:* Wednesday, February 8, 2017 10:17 PM > *To:* Eliezer Croitoru <elie...@ngtech.co.il> > *Cc:* Squid Users <squid-users@lists.squid-cache.org> > *Subject:* Re: [squid-users] Transparent Squid issue with Appstore in > MacOS Sierra > > > > I am using following command, > > > > i am converting pem file into cer using openssl and then putting that file > using this command into keychain. > > sudo security add-trusted-cert -d -r trustRoot -k > "/Library/Keychains/System.keychain" "~/mycert.cer" > > > > On Wed, Feb 8, 2017 at 9:36 PM, Eliezer Croitoru <elie...@ngtech.co.il> > wrote: > > Can you give me\us a link to instructions how you have installed the > certificate on MAC OS? > I know how to do it on Windows and Linux but not MAC OS. > > Also, have you tried using peek and splice? From your email it seems you > have not tried to use these.(If you need instructions I would be happy to > share what I am using for windows updates and it can be adapted to > appstore). > > Thanks, > Eliezer > > ---- > http://ngtech.co.il/lmgtfy/ > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Hardik Dangar > Sent: Tuesday, February 7, 2017 9:06 PM > To: Squid Users <squid-users@lists.squid-cache.org> > Subject: [squid-users] Transparent Squid issue with Appstore in MacOS > Sierra > > > Hello, > > > Here is some information about my squid version, > > Squid Cache: Version 3.5.23 > Service Name: squid > configure options: '--prefix=/usr' '--localstatedir=/var/squid' > '--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid' > '--sysconfdir=/etc/squid' '--with-default-user=proxy' > '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' > '--with-openssl' '--enable-ssl-crtd' '--enable-inline' > '--disable-arch-native' '--enable-async-io=8' > '--enable-storeio=ufs,aufs,diskd,rock' > '--enable-removal-policies=lru,heap' '--enable-delay-pools' > '--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake' > '--enable-ecap' > > > We are running squid as transparent proxy and have certs installed in all > systems. Until recently all our systems were ubuntu or windows. Recently we > added mac os Seirra and the biggest issue we had with mac is even after > installing certificates. Few apps have problems. > > Our biggest problem is Itunes Store. It just doesn't work for some reason. > if we check the log we get random ip's trying to connect via 443 port but > it doesn't connect. > Also Skype for Mac does not work. strangely this works for windows and > ubuntu in our network. Again we see the same behavior. > > both of these apps does not work even in Iphone and Ipad. > > I believe someone must be able to configure transparent squid with Mac. > can anyone tell me if i need to do anything extra for Mac setup. > > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
