OK so from the real world: What's the best way to ban Let's encrypt based certificates? or whitelist a very narrow list of Root and Intermediates CA?
I have a setup which one of the requirements is to restrict access to sites which depends on Let's encrypt generated certificates. The issue is that these sites are encrypted but do not offer any way of assuring real ISO and couple other compatibilities of the ORG. For a simple home user it's fine most of the time but for some it's not. The most simple way is to block the specific domain but I need to know if the site certificate is from Let's encrypt. I was thinking about an external ACL helper that might check it for squid if squid or openssl doesn't have currently an option to implement it. Thanks, Eliezer ---- Eliezer Croitoru <http://ngtech.co.il/lmgtfy/> Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
