On 20/12/18 4:32 am, Meridoff wrote:
> 1) I just try to intercept https traffic. I use https_port ...
> cert=cert.pem capath=/dir . So squid can generate sertificates based on
> file.cert as Root CA.
>
Yes.
> So, my file.cert is combined from cert and key files. And it is not
> sefl-signed.
On 20/12/18 1:13 am, Meridoff wrote:
> Hello, when proxying https traffic squid needs self-signed cert.
>
No, Squid needs a certificate with properties compatible with the
particular "proxying https" which your proxy is configured to do.
Some of those uses require *a CA* certificate and key.
Hello, when proxying https traffic squid needs self-signed cert.
But what if I use not self-signed cert ? I need to use cert of my company
which is not self-signed. Is it possible ? May be I can use capath= option
for this..
Now squid complains: FATAL: No valid signing SSL certificate configured
Amos,
Thank you for your reply.
I have version 3.5.12 compiled with Debian rules example provided here,
http://docs.diladele.com/administrator_guide_4_5/install/ubuntu14/tools.html
Do you think I could patch squid from 3.5.12 to 3.5.21 via patches
available at
On 20/09/2016 4:42 a.m., Hardik Dangar wrote:
> Hello,
>
> I am using squid 3.5.12(detailed version info is below) on Ubuntu 16.04.1
> LTS server. My squid config is at, http://pastebin.com/raw/b8RZ67u9
>
> I have configured squid as intercept proxy bumping all SSL https
> connections. Setup is
I've hard worked against google applications,
The points is, google use the same certificate for a bunch of different
apps,
like google.com, youtube.com, drive.google.com.
I'd like to know if someone already got terminated youtube.com and
keep working google.com and others services.
On 16/01/2016 3:35 a.m., Lucas Castro wrote:
> I've hard worked against google applications,
> The points is, google use the same certificate for a bunch of different
> apps,
> like google.com, youtube.com, drive.google.com.
> I'd like to know if someone already got terminated youtube.com and
>
On 21/04/2015 1:17 p.m., snakeeyes wrote:
Thankx , I will tell u wt I did so far abd hope u help me in the directive
squid needed :
Squid does not perform SNI based certificate selection for HTTPS
virtual-hosting. You need an IP address for every top level domain being
served, sub-domains
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Man,
self-signed sertificate required only for SSL Bump (not pump :)).
For SSL reverse proxy you need CA's signed server certificate.
Feel the difference.
21.04.15 5:16, snakeeyes пишет:
Hi all , I need a help in setting up squid for https
...@lists.squid-cache.org]
On Behalf Of Yuri Voinov
Sent: Monday, April 20, 2015 6:22 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squid HTTPs as reverse proxy problem
Man,
self-signed sertificate required only for SSL Bump (not pump :)).
For SSL reverse proxy you need CA's
What do I need for squid directive ?
Is what I did above is okay ?
cheers
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Yuri Voinov
Sent: Monday, April 20, 2015 6:22 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squid
Hello. Can anybody tell me can I cache https requests with squid options
described below?
Squid Cache: Version 3.3.8
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include'
On 19/12/2013 8:28 a.m., 0bj3ct wrote:
Hello. Can anybody tell me can I cache https requests with squid options
described below?
snip
I've configured iptables to redirect 443 to squid https_port number, tcpdump
shows that machine accepts request on port 443. But client cannot open https
Every time a user try to access https web site they got and error about
certificate not been emit by certificate authority. Removing the proxy from
internet setting, i got rid of these warning. I got squid 2.16 Stable 16
with squidGuard.
Tried with 3.1.0.12 and got the same thing.
Anybody have
boipie01 wrote:
Every time a user try to access https web site they got and error about
certificate not been emit by certificate authority. Removing the proxy from
internet setting, i got rid of these warning. I got squid 2.16 Stable 16
with squidGuard.
Tried with 3.1.0.12 and got the same
Hi,
I am trying to redirect https traffic to squid for days. 2 weeks ago i
sent a post to this group and tried some advices but could not fix my
problem. If i use server ip and squid port with any browser ( without
redirecting https or ftp port with iptables ) it works ( both https anf
ftp )
On Tue, Sep 2, 2008 at 11:30 AM, İsmail ÖZATAY [EMAIL PROTECTED] wrote:
Hi,
I am trying to redirect https traffic to squid for days. 2 weeks ago i sent
a post to this group and tried some advices but could not fix my problem. If
i use server ip and squid port with any browser ( without
Indunil Jayasooriya yazmış:
On Tue, Sep 2, 2008 at 11:30 AM, İsmail ÖZATAY [EMAIL PROTECTED] wrote:
Hi,
I am trying to redirect https traffic to squid for days. 2 weeks ago i sent
a post to this group and tried some advices but could not fix my problem. If
i use server ip and squid port
I am using Squid Cache: Version 2.6.STABLE18 and when i applied sslBump i
got error. Can you use this option with the same version of mine ? I think
you are using squid 3. I tried this option like this ;
I also use squid Version 2.6.STABLE18 from OpenBSD port tree as
transparent interception.
Indunil Jayasooriya yazm?s,:
I am using Squid Cache: Version 2.6.STABLE18 and when i applied sslBump i
got error. Can you use this option with the same version of mine ? I think
you are using squid 3. I tried this option like this ;
I also use squid Version 2.6.STABLE18 from OpenBSD port
Indunil Jayasooriya yazmış:
Could you send me your squid.conf file from the version of squid 2.6 ,
please ?
this is the file on openbsd 3.4
Hi again ;
This your configuration and i can not see any https configuration in it.
This is a standart config. I just want to use
Indunil Jayasooriya yazmýþ:
Could you send me your squid.conf file from the version of squid 2.6 ,
please ?
this is the file on openbsd 3.4
Hi again ;
This your configuration and i can not see any https configuration in it.
This is a standart config. I just want to use
redirected
Amos Jeffries yazm?s,:
Indunil Jayasooriya yazmýþ:
Could you send me your squid.conf file from the version of squid 2.6 ,
please ?
this is the file on openbsd 3.4
Hi again ;
This your configuration and i can not see any https configuration in it.
This is a standart
Amos Jeffries yazm?s,:
Indunil Jayasooriya yazmýþ:
Could you send me your squid.conf file from the version of squid 2.6
,
please ?
this is the file on openbsd 3.4
Hi again ;
This your configuration and i can not see any https configuration in
it.
This is a standart config. I just
Thompson, Scott (WA) wrote:
Hi all
We had this problem with Squid 2.5 and I am seeing it also with 2.6
which I was hoping would fix it
Every time we try to access a site using HTTPS that uses Java we keep
getting proxy authentication popups
The specific site in question is gotomeeting.com when
Hello,
today on our proxy server we have a antivirus between the client and
squid. The antivirus listens on 3128 an then passes the packets to squid
via 3130. Thats fine with http. The problem is that users access
external webmail sites via https and download virus infected files that
can
Andreas Moroder schrieb:
Hello,
today on our proxy server we have a antivirus between the client and
squid. The antivirus listens on 3128 an then passes the packets to
squid via 3130. Thats fine with http. The problem is that users access
external webmail sites via https and download virus
Andreas Moroder schrieb:
Hello Jakob,
I know about the tunneling problem. We discovered one PC in our
hospital last week with a tunneling softwar einstalled.
On the other hand there are sites you need https to log in.
There are commercial interception solutions on the market. I do not know
The https port is not related to https proxying and should probably be
removed. To proxy https, in your browser, set the https proxy port to
3128 (or whatever you have set the standard http port to).
Ben
On 07/10/05, Ibrahim Calisir [EMAIL PROTECTED] wrote:
thank you, for your quick reply..
Hi
I am not very good in squid. I configured squid-2.5.STABLE11 with LDAP
and SSL enabled. Connecitons to https port had page cannot be
displayed error message in IE6, however connections to http port had no
problem and asks username and password. I did not understad why https
port connections
Ibrahim Calisir schrieb:
Hi
I am not very good in squid. I configured squid-2.5.STABLE11 with LDAP
and SSL enabled. Connecitons to https port had page cannot be
displayed error message in IE6, however connections to http port had no
problem and asks username and password. I did not understad
thank you, for your quick reply..
However there is no line that relate to https connection that I write,
except the default acl rules as:
acl Safe_ports port 443 563 # https, snews
http_access deny !Safe_ports
acl SSL_ports port 443 563
http_access deny CONNECT !SSL_ports
I do not have
Hi,
I am having a problem since i have install squid after
my adsl connection. Here goes the problem:
The proxy function pretty well accept that i am having
problem to access https pages.
When i disable proxy on my Mozilla Browser, it just
works fine without any problem to access my
Here is the access.log
1112855949.835 60538 192.168.1.150 TCP_MISS/503 0
CONNECT www.google.com:443 test DIRECT/216.239.59.99
Which gives error 503 service unavailable
--- Shafeek Sumser [EMAIL PROTECTED] wrote:
Hi,
I am having a problem since i have install squid
after
my adsl
Hi,
I am having a problem since i have install squid after
my adsl connection. Here goes the problem:
The proxy function pretty well accept that i am having
problem to access https pages.
When i disable proxy on my Mozilla Browser, it just
works fine without any problem to
Here is the access.log
1112855949.835 60538 192.168.1.150 TCP_MISS/503 0
CONNECT www.google.com:443 test DIRECT/216.239.59.99
Which gives error 503 service unavailable
--- Elsen Marc [EMAIL PROTECTED] wrote:
Hi,
I am having a problem since i have install squid
after
my adsl
--- Elsen Marc [EMAIL PROTECTED] wrote:
Hi,
I am having a problem since i have install squid
after
my adsl connection. Here goes the problem:
The proxy function pretty well accept that i am
having
problem to access https pages.
When i disable proxy on my Mozilla
...
...
tail -f /var/log/squid/access.log
1112857550.905 61288 192.168.1.150 TCP_MISS/503 0
CONNECT www.google.com:443 test DIRECT/216.239.59.99 -
It says 503: Service unavailable
- Is there any addiditional info in cache.log ?
- Does DNS (lookup) work on the squidbox (try
--- Elsen Marc [EMAIL PROTECTED] wrote:
...
...
tail -f /var/log/squid/access.log
1112857550.905 61288 192.168.1.150 TCP_MISS/503 0
CONNECT www.google.com:443 test
DIRECT/216.239.59.99 -
It says 503: Service unavailable
- Is there any addiditional info in
A gret Thanks to you all.
I have been able to solve the problem. In fact, it is
not in squid. The problem is in iptables.
I just forgot to add https in the OUTPUT part.
The problem has been solved.
Thanks
A+
Shafeek Sumser
--- Elsen Marc [EMAIL PROTECTED] wrote:
- Is
40 matches
Mail list logo