On 24/12/10 04:15, Alex Ray wrote:
> When using squid 3.2 beta with ssl-bump and dynamic certificate
> generation, is it possible to have the generated certificates issued
> by a trusted CA (trusted on each computer), so that browsers receive
> neither the "website does not match certificate CN" or "this
> certificate is self-signed/untrusted" errors?
Yes, if you have a trusted CA to sign with the "Dynamic SSL certificate"
feature was just released in 3.2.0.4. It can use a public CA authority
or a self-signed CA installed with trust on the browsers.
see http://wiki.squid-cache.org/Features/DynamicSslCert for how to
configure Squid and generate self-signed CA for use.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3Received on Fri Dec 24 2010 - 12:42:13 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 24 2010 - 12:00:03 MST