suntong

Configuring SSL Bumping in the Squid service

Reposted from https://help.kaspersky.com/KWTS/6.0/en-us/166244.htm, which was last reviewed on Jan 18, 2019.

To configure SSL Bumping in the Squid service:

  1. Make sure that the utilized Squid service supports the necessary options. To do so, execute the command:

    squid -v

    The configure options parameter must contain the --enable-ssl-crtd and --with-openssl values.

  2. Go to the Squid service folder. To do so, execute the command:

    cd /etc/squid

  3. Create a self-signed SSL certificate. To do so, execute the command:

    openssl req -new -newkey rsa:2048 -days <certificate validity period in days> -nodes -x509 -keyout squidCA.pem -out squidCA.pem

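    You will be prompted to fill in the fields of the self-signed SSL certificate. Because -keyout and -out name the same file and -nodes disables key encryption, squidCA.pem holds both the certificate and its unencrypted private key.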

  4. Please fill in the fields of the self-signed SSL certificate.

  5. Create a trusted certificate to be imported into a browser. To do so, execute the command:

    openssl x509 -in squidCA.pem -outform DER -out squid.der

  6. Import the squid.der file into the browsers of local computer users.
    The method used to import the squid.der file into a browser depends on the type of browser.

  7. Configure the permissions to use a self-signed certificate file. To do so, run the following commands depending on the utilized operating system...

    ... Details omitted. For this and the next two steps (steps 7, 8 and 9), refer to the original article. ...

Finally, restart the Squid service. To do so, execute the command:

    service squid restart

Configuration of SSL Bumping in the Squid service is now complete.
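An added example, not part of the reposted Kaspersky article: a pre-flight script that checks the results of steps 1, 3, 5 and 6 before the restart. The function names are hypothetical, the `squid -v` sample is constructed, and the permission check is an assumption because step 7 is elided on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for the steps above. Function names are
# hypothetical; squidCA.pem and squid.der are the file names from the steps.

# Constructed sample of `squid -v` output (not captured from a real host).
SAMPLE_SQUID_V="Squid Cache: Version 0.0 (constructed sample)
configure options:  '--prefix=/usr' '--enable-ssl-crtd' '--with-openssl'"

# Step 1: succeed only if the `squid -v` text in $1 lists both required
# options as whole words on its "configure options" line.
has_bump_options() {
    opts=$(printf '%s\n' "$1" | grep -i '^configure options:' | tr -d "'\"")
    for flag in --enable-ssl-crtd --with-openssl; do
        case " $opts " in
            *" $flag "*|*" $flag="*) ;;
            *) return 1 ;;
        esac
    done
}

# Step 3 writes the private key and the certificate into one file, so
# squidCA.pem should contain both PEM blocks.
has_key_and_cert() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" &&
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# Step 6: a file handed to users must not be the PEM bundle with the key.
# (Catches distributing squidCA.pem by mistake; it does not parse DER.)
safe_to_distribute() {
    [ -r "$1" ] && ! grep -q -e 'PRIVATE KEY-----' "$1"
}

# Assumption (step 7 is elided on this page): whatever owner and group are
# chosen, "other" users get no access to the file that holds the CA key.
no_world_access() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Run all checks on a real host: preflight /etc/squid
preflight() {
    has_bump_options "$(squid -v 2>/dev/null)" || { echo "missing build options"; return 1; }
    has_key_and_cert "$1/squidCA.pem" || { echo "squidCA.pem lacks key or cert"; return 1; }
    no_world_access "$1/squidCA.pem" || { echo "squidCA.pem is accessible to others"; return 1; }
    safe_to_distribute "$1/squid.der" || { echo "squid.der contains a private key"; return 1; }
    echo "preflight ok"
}
```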
