See: http://wiki.squid-cache.org/Features/SslBump
On Thu, Mar 18, 2010 at 11:54 AM, Sheahan, John
<John.Sheahan_at_priceline.com> wrote:
> If Squid is configured to use the "squid wildcard certificate", does this mean that all of the HTTPS clients have to manually accept this certificate in order to proxy HTTPS through squid?
Same issues as with Blue Coat and "SSL Intercept". Some tunneled
protocols and a few websites will fail when intercepted, so you must
have provisions to make exceptions (e.g. "ssl_bump deny broken_sites")
Generally you would have the clients pre-loaded with your private CA
certificate, for MSIE you can do this by GPO, for some other
browsers/OS you do have to manually load the CA certificate, once.
Kevin
Received on Thu Mar 18 2010 - 18:06:03 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 19 2010 - 12:00:05 MDT