Hello, I'm trying to configure Squid as an HTTPS cache on my local computer, 
using ssl-bump. I've got it working as a basic proxy, but the traffic seems to 
just be tunneling through and not being cached. My web browser shows the site's 
actual certificate, rather than the locally generated self-signed certificate, 
which I want it to see. I have followed every tutorial I can find and none of 
them are helpful in figuring out what the hell is going on here. Here is what 
my config file looks like:

[...]

http_port 3128 ssl-bump \
               generate-host-certificates=on \
               dynamic_cert_mem_cache_size=32MB \
               cert=/path/to/self-signed.pem \
               key=/path/to/self-signed.pem

sslcrtd_program /usr/libexec/security_file_certgen -s /path/to/ssl-database -M 32MB

ssl_bump peek all
ssl_bump bump all
ssl_bump splice localhost

[...]

Otherwise, it's pretty much just the default config. The only thing that seems 
to halfway work is removing the line:

http_access deny CONNECT !SSL_ports

and changing to:

http_access deny CONNECT

With that change, an older Chromium just hangs trying to load the page, saying 
"Processing request." On a WebKit-based browser, I get a Squid 'Access Denied' 
error page. Another WebKit browser complains about the certificate, but when I 
tell it to continue anyway, it gives the same 'Access Denied' page. A newer 
Chromium stops right away with an untrusted SSL certificate error, and the 
details look like it's getting the self-signed certificate, as expected.

I've been battling this for hours and I'm at my wit's end. What am I doing 
wrong here? Thanks for any help.

-- 
Dave Blanchard <d...@killthe.net>
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
