Squid configuration directive sslproxy_cert_sign
Available in: v7 v6 v5 v4 3.5 3.4 3.3
For older versions than v4 see the linked pages above
Configuration Details:
Option Name: | sslproxy_cert_sign |
---|---|
Replaces: | |
Requires: | --with-openssl |
Default Value: | none sslproxy_cert_sign signUntrusted ssl::certUntrusted sslproxy_cert_sign signSelf ssl::certSelfSigned sslproxy_cert_sign signTrusted all |
Suggested Config: |
|
sslproxy_cert_sign <signing algorithm> acl ... The following certificate signing algorithms are supported: signTrusted Sign using the configured CA certificate which is usually placed in and trusted by end-user browsers. This is the default for trusted origin server certificates. signUntrusted Sign to guarantee an X509_V_ERR_CERT_UNTRUSTED browser error. This is the default for untrusted origin server certificates that are not self-signed (see ssl::certUntrusted). signSelf Sign using a self-signed certificate with the right CN to generate a X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error in the browser. This is the default for self-signed origin server certificates (see ssl::certSelfSigned). This clause only supports fast acl types. When sslproxy_cert_sign acl(s) match, Squid uses the corresponding signing algorithm to generate the certificate and ignores all subsequent sslproxy_cert_sign options (the first match wins). If no acl(s) match, the default signing algorithm is determined by errors detected when obtaining and validating the origin server certificate. WARNING: SQUID_X509_V_ERR_DOMAIN_MISMATCH and ssl:certDomainMismatch can be used with sslproxy_cert_adapt, but if and only if Squid is bumping a CONNECT request that carries a domain name. In all other cases (CONNECT to an IP address or an intercepted SSL connection), Squid cannot detect the domain mismatch at certificate generation time when bump-server-first is used. |
|
Introduction
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
Documentation
- Quick Setup
- Configuration:
- FAQ and Wiki
- Guide Books:
- Non-English
- More...
Support
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
Miscellaneous
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork
Web Site Translations
Mirrors
- Website:
- ... full list
- FTP Package Archive