
More than 5 years have passed since last update.

SSL intercept with Squid


Edit the configuration file (squid.conf)

#http_port 3128
http_port 3128  ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/etc/squid/squidCA.pem
ssl_bump bump all
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/db/ssl_db -M 4MB

Create the directory where generated certificates are stored

> sudo /usr/local/libexec/squid/ssl_crtd -c -s /var/db/ssl_db
> sudo chown -R squid:squid /var/db/ssl_db    # owner is an assumption: the account Squid runs as

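Create the root certificate

The configuration above reads the CA from /usr/local/etc/squid/squidCA.pem, so create the file in that directory or move it there afterwards. squidCA.pem holds both the private key and the certificate.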

> sudo openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -keyout squidCA.pem -out squidCA.pem
> sudo openssl x509 -in squidCA.pem -outform DER -out squidCA.der

Import squidCA.der into the clients
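
Before squidCA.der is distributed, it is worth confirming that the files produced above are consistent. The following is an added example, not part of the original article: it repeats the article's openssl commands in a function and checks the result. The subject name and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original article. The subject name is constructed.

# make_ca DIR: build squidCA.pem (key + certificate in one file) and squidCA.der,
# using the same openssl options as the article.
make_ca() {
    ( umask 077  # squidCA.pem holds the private key: no group/other access
      openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 \
          -subj "/CN=Example Squid Bump CA" \
          -keyout "$1/squidCA.pem" -out "$1/squidCA.pem" 2>/dev/null ) || return 1
    openssl x509 -in "$1/squidCA.pem" -outform DER -out "$1/squidCA.der"
}

# fingerprint FILE FORMAT: SHA-256 fingerprint of a certificate (PEM or DER).
fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256
}

# check_ca DIR: return 0 only if the CA files are consistent and safe to deploy.
check_ca() {
    pem=$1/squidCA.pem der=$1/squidCA.der
    # 1. The private key in the PEM file belongs to the certificate next to it.
    [ "$(openssl x509 -in "$pem" -noout -pubkey)" = \
      "$(openssl pkey -in "$pem" -pubout)" ] || { echo "key/cert mismatch"; return 1; }
    # 2. The certificate is a CA, otherwise clients reject the bumped leaf certs.
    openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate"; return 1; }
    # 3. The DER file given to clients is the same certificate Squid signs with.
    [ "$(fingerprint "$pem" PEM)" = "$(fingerprint "$der" DER)" ] \
        || { echo "DER differs from PEM"; return 1; }
    # 4. Group and others have no permissions on the file holding the key.
    [ "$(ls -l "$pem" | cut -c5-10)" = "------" ] \
        || { echo "squidCA.pem is accessible to group/other"; return 1; }
}
```

The output of `fingerprint squidCA.der DER` is the value to compare on each client at import time, since any client that trusts this CA accepts every certificate Squid generates with it.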
