The config looks good, as long as you configure your browsers to use port 3127
for HTTPS. You don't need the example broken_sites acl, but it is also
harmless.
Please open the Firefox settings and go to Advanced - Certificates - View
certificates. A new window will appear. Click the Authorities tab and search
for the Squid certificate. If it does not appear in the list, you have the
answer. It is also the most common cause of "Untrusted certificate" errors,
although not the only possible one.
BTW, I would recommend you to specify the "-config /etc/openssl.cnf" parameter
to openssl when creating the certificate, and to edit /etc/openssl.cnf to
adjust some settings, like the key length.
Please provide more details about which certificate errors you get; otherwise
it's hard to know what's wrong.
Regards,
Victor
El Viernes, 22 de noviembre de 2013 05:37:51 iishiii escribió:
> I tried to import the certificate .... but not sure it was correct or not
> ...i am using chrome ...firfox ...EI10 for testing ... the following is my
> setting ....
>
> http_port 3128 intercept
> https_port 3127 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem
> acl broken_sites dstdomain .example.com
> ssl_bump none localhost
> ssl_bump none broken_sites
> ssl_bump server-first all
> sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
> /usr/local/squid/var/lib/ssl_db -M 4MB
> sslcrtd_children 5
>
> i followed the procedure of this tutorial
> http://pen-testing-lab.blogspot.com/
>
> Please guide me by steps how you done get it working please
>
>
>
> --
> View this message in context:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/anyOne-who-has-working-s
> sl-bump-configuration-for-facebook-tp4663452p4663454.html Sent from the
> Squid - Users mailing list archive at Nabble.com.
RSVP: "State of the Backup Appliance Market" webinar featuring leading analyst firm IDC. Tuesday, November 19, 10am PST. Register at http://www.barracuda.com/idcwebinar.
Received on Fri Nov 22 2013 - 16:25:54 MST
This archive was generated by hypermail 2.2.0 : Fri Nov 22 2013 - 12:00:05 MST