So we can't even use the free certs from letsencrypt with Squid?? On 2 February 2017 at 11:35, FredB <fredbm...@free.fr> wrote:
> > From: http://wiki.squid-cache.org/Features/DynamicSslCert > > "In theory, you must either import your root certificate into browsers or > instruct users on how to do that. Unfortunately, it is apparently a common > practice among well-known Root CAs to issue subordinate root certificates. > If you have obtained such a subordinate root certificate from a Root CA > already trusted by your users, you do not need to import your certificate > into browsers. However, going down this path may result in removal of the > well-known Root CA certificate from browsers around the world. Such a > removal will make your local SslBump-based infrastructure inoperable until > you import your certificate, but that may only be the beginning of your > troubles. Will the affected Root CA go after you to recoup their world-wide > damages? What will your users do when they learn that you have been > decrypting their traffic without their consent?" > > The last sentence is ambiguous the users can known, you can inform that > you have been decrypting their traffic. > There is no difference (from user point of view I mean) between a > well-known Root CAs or a self-signed certificate with a CA injected by a > local GPO. > > But in practice I don't how how you can do that, just hello I want a > subordinate root certificates ? > > FredB > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
