On 14/04/2017 6:00 a.m., Yuri Voinov wrote: > > > 13.04.2017 22:57, Olly Lennox пишет: >> Hi There, >> >> I've been battling for the last few days on a little project to setup a >> Raspberry PI device as a small parental blocking server. I've managed to >> configure the device to work as a transparent proxy using squid which is >> assigned as the default gateway via DHCP and after a lot of messing about >> I've finally got to the point where it's routing traffic correctly, proxying >> and blocking unwanted websites over HTTP. >> >> The problem I have is that for the life of me I cannot get things to work >> over HTTPS. It's working over the older, insecure web browsers where >> anything goes but the more modern browsers will not accept the SSL >> certificates and fail with insecure messages. I've tried various ways of >> generating a cert and also generating a CA cert and signing my other cert >> with it to no avail. I've had a mixture of errors back from the browser from >> WEAK_ALGORITHM to BAD_AUTHORITY to INVALID_CERT. >> >> I've been using openssl to generate self-signed certificates and create a >> der file. Below is a recent attempt but I've tried lots of different >> approaches: >> >> ------------ >> openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout >> squid.key -out squid.crt >> openssl req -new -x509 -key squid.key -out squid.pem >> openssl x509 -in squid.pem -inform pem -out squid.der -outform der >> ------------ >> >> >> Then my config in Squid is like this, the dhparams file I generated as per >> instructions in the squid wiki: > First of all: what's Squid's version?
And secondly; are you sufficiently capable with Debian to (cross-)build your own Squid package that can run on Raspian? The Debian squid/squid3 packages do not have TLS/SSL/HTTPS support. So you will be building your own to get the bumping features. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
