Hello List, 

This is my situation:
Squid 3.4.4 on Debian, compiled from source (with options --enable-ssl and 
--enable-ssl-crtd)

It works quite well.

Now, I'm trying to create a list of "ssl whitelisted" sites, using the ssl_bump 
feature and following: 

http://wiki.squid-cache.org/Features/SslBump


With some sites added to this list (like Google, Hotmail, etc.) the certificate 
presented to the client isn't the original one but the one created by Squid. 


It happens with some sites, particularly these. There are others that are OK.

Have you folks gone through these issues?





Below are my squid.conf settings regarding this. Thanks in advance!



http_port 3129
http_port 3128 intercept
https_port 3127 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=256MB cert=/etc/squid3/certs/ssl/public.pem key=/etc/squid3/certs/ssl/private.pem
## --\
acl broken_sites dstdomain "/etc/squid3/acl/ssl_whitelist.acl"
#acl broken_sites dstdomain .cisco.com .virustotal.com .mail-archive.com .facebook.com

always_direct allow broken_sites
ssl_bump none localhost
ssl_bump none broken_sites
#ssl_bump server-first !broken_sites 
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
ssl_bump server-first all
