squid sslbump works with private connection warning

1.1k views Asked by At

I use squid 3.5 with its sslbump feature for https traffic filtering. I generated my private key and cert files with openssl. However,the browser received the warning message when i open https websites that the certificate was issued by an unknown authority. I created ssl certificates with comodo but i still got the same warning message.

Is there a way to remove this warning?

# Squid normally listens to port 3128
http_port 3128 ssl-bump cert=/var/tmp/example.com.cert key=/var/tmp/example.com.private

# Squid listen Port
cert=/var/tmp/example.com.cert
# SSL Bump Config
always_direct allow all
ssl_bump server-first all

url_rewrite_program /usr/bin/sh /var/tmp/middle_squid_wrapper.sh start -C /var/tmp/middle_squid_config.rb

# required to fix HTTPS sites (if SslBump is enabled)
acl fix_ssl_rewrite method GET
acl fix_ssl_rewrite method POST
url_rewrite_access allow fix_ssl_rewrite
url_rewrite_access deny all
1

There are 1 answers

0
user3788685 On

You don't say what client OS you are using, but it sounds very much like you didn't import your squid certificate to the correct certificate store on the client.

When you install the certificate on a Windows client it should be imported into the Trusted Root Certificate Authorities'->'certificates folder.

The client should then trust the certificate.