DEV Community

Cover image for Configuring SSL Bumping in the Squid service
suntong
suntong

Posted on

2 1

Configuring SSL Bumping in the Squid service

repost from https://help.kaspersky.com/KWTS/6.0/en-us/166244.htm, whose Last review was on Jan 18, 2019

To configure SSL Bumping in the Squid service:

  1. Make sure that the utilized Squid service supports the necessary options. To do so, execute the command:

    squid -v

    The configure options parameter must contain the --enable-ssl-crtd and --with-openssl values.

  2. Go to the Squid service folder. To do so, execute the command:

    cd /etc/squid

  3. Create a self-signed SSL certificate. To do so, execute the command:

    openssl req -new -newkey rsa:2048 -days <certificate validity period in days> -nodes -x509 -keyout squidCA.pem -out squidCA.pem

    You will be prompted to fill in the fields of the self-signed SSL certificate.

  4. Please fill in the fields of the self-signed SSL certificate.

  5. Create a trusted certificate to be imported into a browser. To do so, execute the command:

    openssl x509 -in squidCA.pem -outform DER -out squid.der

  6. Import the squid.der file into the browsers of local computer users.
    The method used to import the squid.der file into a browser depends on the type of browser.

  7. Configure the permissions to use a self-signed certificate file. To do so, run the following commands depending on the utilized operating system...

    . . . Details omitted. For this and the next two steps, i.e. steps 7,8,9, refer to the original article. . .

Finally, restart the Squid service. To do so, execute the command:

service squid restart

Configuration of SSL Bumping in the Squid service will be complete.

Heroku

Build apps, not infrastructure.

Dealing with servers, hardware, and infrastructure can take up your valuable time. Discover the benefits of Heroku, the PaaS of choice for developers since 2007.

Visit Site

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more