More than 5 years have passed since last update.

SquidでSSL intercept

SSL
squid

Posted at 2016-11-16

設定ファイルの書き換え

# http_port 3128
http_port 3128  ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/etc/squid/squidCA.pem
ssl_bump bump all
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/db/ssl_db -M 4MB

証明書が保存されるディレクトリの作成

> sudo /usr/local/libexec/squid/ssl_crtd -c -s /var/db/ssl_db
> sudo chown -R /var/db/ssl_db

ルート証明書の作成

> sudo openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -keyout squidCA.pem -out squidCA.pem
> sudo openssl x509 -in squidCA.pem -outform DER -out squidCA.der

squidCA.derをクライアントにインポートする

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up