Squid: how to enable verification for SSL self-signed certificates
I found a workaround for this problem. Instead of configuring Squid I added the CA certificate to the list of trusted CA certificates system-wide.
I followed the instructions here http://gagravarr.org/writing/openssl-certs/others.shtml
Related videos on Youtube
11 : 02
25 : 01
13 : 23
05 : 29
14 : 47
06 : 42
01 : 35
pAkY88
Updated on September 18, 2022Comments
-
pAkY88 almost 2 years
I'm using Squid 3.4.8 as a reverse proxy which is forwarding request to a specific server. The communication between Squid and the server is in HTTPS.
The certificate used by the server is self-signed, meaning that I created a CA certificate with which I signed the server certificate.
I would like to properly verify the server certificate by using my CA certificate (instead of setting sslproxy_flags to DONT_VERIFY_PEER, which is not safe). How can I configure Squid to do that?
I suppose I have to set sslproxy_flags to NO_DEFAULT_CA and then use some particular acl to allow all SSL certificates issued by my CA, but after reading the documentation I'm a bit confused.
Thanks