Squid configuration directive sslproxy_cert_adapt
Available in: v7 v6 v5 v4 3.5 3.4 3.3
For older versions than v4 see the linked pages above
Configuration Details:
Option Name: | sslproxy_cert_adapt |
---|---|
Replaces: | |
Requires: | --with-openssl |
Default Value: | none |
Suggested Config: |
|
sslproxy_cert_adapt <adaptation algorithm> acl ... The following certificate adaptation algorithms are supported: setValidAfter Sets the "Not After" property to the "Not After" property of the CA certificate used to sign generated certificates. setValidBefore Sets the "Not Before" property to the "Not Before" property of the CA certificate used to sign generated certificates. setCommonName or setCommonName{CN} Sets Subject.CN property to the host name specified as a CN parameter or, if no explicit CN parameter was specified, extracted from the CONNECT request. It is a misconfiguration to use setCommonName without an explicit parameter for intercepted or tproxied SSL connections. This clause only supports fast acl types. Squid first groups sslproxy_cert_adapt options by adaptation algorithm. Within a group, when sslproxy_cert_adapt acl(s) match, Squid uses the corresponding adaptation algorithm to generate the certificate and ignores all subsequent sslproxy_cert_adapt options in that algorithm's group (i.e., the first match wins within each algorithm group). If no acl(s) match, the default mimicking action takes place. WARNING: SQUID_X509_V_ERR_DOMAIN_MISMATCH and ssl:certDomainMismatch can be used with sslproxy_cert_adapt, but if and only if Squid is bumping a CONNECT request that carries a domain name. In all other cases (CONNECT to an IP address or an intercepted SSL connection), Squid cannot detect the domain mismatch at certificate generation time when bump-server-first is used. |
|
Introduction
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
Documentation
- Quick Setup
- Configuration:
- FAQ and Wiki
- Guide Books:
- Non-English
- More...
Support
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
Miscellaneous
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork
Web Site Translations
Mirrors
- Website:
- ... full list
- FTP Package Archive