Good evening,

> ----------------------------------------
> From: Stefan Baur <newsgroups.ma...@stefanbaur.de>
> Sent: Wed Jul 25 17:51:19 NCT 2012
> To: <list@lists.pfsense.org>
> Subject: Re: [pfSense] Squid transparent ssl proxy
> 
> 
> On 25.07.2012 05:17, Jerome Alet wrote:
> 
> > Any idea what I'm doing wrong ?
> 
> This is what you're doing wrong:
>  > Now I'd like to set it up as an HTTPS transparent proxy as well.
> 
> HTTPS traffic is encrypted, and squid is lacking the proper 
> keys/certificates to decrypt it.
> 
> In theory, you could set up squid with its own certificates, but that 
> will turn squid into a man-in-the-middle, i.e. all your clients will 
> complain that the certificate doesn't match the sites they're trying to 
> access.

I know this is man in the middle, and I even wrote that we were OK with the 
browser message which clearly says there's something like a man in the middle 
attack going on.

Since I've added its own certificate to Squid, it isn't lacking them, and so it 
"*should*" work from what I've read on the net about this subject. But clearly 
I'm missing something because instead of having the traffic decrypted by Squid 
and then encrypted again by Squid for local clients, I've got a Protocol Error. 

So my original question was not about it being OK to do it or not, but more 
about why it didn't work as expected.

Thanks for your feedback anyway; if I can't do otherwise, I'll play with 
autoconfiguration scripts.

bye

-- 
Jerome Alet
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
