repost from https://help.kaspersky.com/KWTS/6.0/en-us/166244.htm, whose Last review was on Jan 18, 2019
To configure SSL Bumping in the Squid service:
Make sure that the utilized Squid service supports the necessary options. To do so, execute the command:
squid -v
The configure options parameter must contain the--enable-ssl-crtd
and--with-openssl
values.Go to the Squid service folder. To do so, execute the command:
cd /etc/squid
Create a self-signed SSL certificate. To do so, execute the command:
openssl req -new -newkey rsa:2048 -days <certificate validity period in days> -nodes -x509 -keyout squidCA.pem -out squidCA.pem
You will be prompted to fill in the fields of the self-signed SSL certificate.Please fill in the fields of the self-signed SSL certificate.
Create a trusted certificate to be imported into a browser. To do so, execute the command:
openssl x509 -in squidCA.pem -outform DER -out squid.der
Import the squid.der file into the browsers of local computer users.
The method used to import the squid.der file into a browser depends on the type of browser.Configure the permissions to use a self-signed certificate file. To do so, run the following commands depending on the utilized operating system...
. . . Details omitted. For this and the next two steps, i.e. steps 7,8,9, refer to the original article. . .
Finally, restart the Squid service. To do so, execute the command:
service squid restart
Configuration of SSL Bumping in the Squid service will be complete.
Top comments (0)