On 2/02/2017 9:49 p.m., Odhiambo Washington wrote: > So we can't even use the free certs from letsencrypt with Squid?? >
Not for MITM / SSL-Bump no. The very first clause of the purchase contract for the LetsEncrypt CA is: " By requesting, accepting, or using a Let’s Encrypt Certificate: * You warrant to ISRG and the public-at-large that You are the legitimate registrant of the Internet domain name that is, or is going to be, the subject of Your Certificate, or that You are the duly authorized agent of such registrant. " Meaning they can be used for explicit TLS-proxy or CDN reverse-proxy only. If you have just used LetsEncrypt certs because of the hype about being cheap, easy and everyone else is saying its good. I think it well worth your time going to their site and reading that contract to which you have bound your network. For networks outside North America there are some legal implications about signing judicial authority and your users method of legal redress over to the USA government. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
