Squid HTTPS-proxy and certificate

Lexus45 · 11-12-2011, 11:54 AM

Hello all.
I would like to discuss setting up Squid as a https proxy.

In fact, the Squid settings are clear - http://www.squid-cache.org/Versions/...ttps_port.html

just add

Code:

https_port [server.name:port cert=certificate.pem [key=key.pem]

But I'm not sure what's the right way to create this certifacate.pem file.

We'd like to push the traffic from our employees through the proxy. This traffic includes Skype traffic too. But the Skype support only 2 proxy types: SOCKS and HTTPS, according to its settings. So, we need to make our proxy not only HTTPS, but HTTPS also.

What I've learned is that PEM-format may be used with Apache. But I don't know exactly what certificate is used on out webserver (I do not administrate it, but I know for sure that it's configured with HTTPS support). The easiest way, as I see it, is to cope the PEM-certificate from the webserver to the proxy-server.Correct me please if I'm mistaken.

Best regards, Alexey.
=======================
I think this is the way to go:
http://www.madboa.com/geek/openssl/#cert-self

mulyadi.santosa · 11-14-2011, 10:20 AM

Hi Alexey...

After reading the related documentation, I came to conclusion that https_port only works when you operate Squid as somekind of reverse proxy.

Specifically, to be able as https reverse proxy, it must hold the same certificate as the original web server. So in this case, somehow you need to get the Skype server(s) certificate.

Unless you're able to do that somehow, this https_port option is useless for your IMHO.

bathory · 11-14-2011, 12:14 PM

Hi,

Quote:

The easiest way, as I see it, is to cope the PEM-certificate from the webserver to the proxy-server.Correct me please if I'm mistaken.

If they both run on the same box (so the CN in the certificate will match), then there will be no problem.

Why don't you try the ss5 socks server?