Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- SQUIDCONF=/etc/squid3/squid.conf
- SSLCRTD=/usr/lib/squid3/ssl_crtd
- echo "creating directories"
- mkdir -p /etc/squid3/ssl_cert /etc/squid3/ssl_cert/ssl_db
- echo "about to create certificate..."
- cd /etc/squid3/ssl_cert
- openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem -out myCA.pem
- echo "creating der x509 certificate format"
- openssl x509 -in myCA.pem -outform DER -out myCA.der
- echo "the next is the certificate for client in x509 format:"
- cat myCA.der
- echo "initializing ssl_crtd_db"
- $SSLCRTD -c -s /etc/squid3/ssl_cert/ssl_db
- echo "changing ownership for ssl_db"
- chown -R nobody /etc/squid3/ssl_cert/ssl_db
- echo "adding settings into squid.conf"
- echo "https_port 13128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/squid3/ssl_cert/myCA.pem
- sslcrtd_program $SSLCRTD -s /etc/squid3/ssl_cert/ssl_db -M 16MB
- sslcrtd_children 10
- ssl_bump server-first all
- #sslproxy_cert_error allow all
- #sslproxy_flags DONT_VERIFY_PEER" >> $SQUIDCONF
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement