<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>Squid</title>
</head>
<body>
<a href="index.html">Tools Index</a>
<h1>Squid</h1>
<pre>
install from romster
edit /etc/squid/squid.conf
edit only allow 10.0.0.0
edit folder to /srv/squid
edit /etc/passwd /srv/squid
https://www.smoothnet.org/squid-v3-5-proxy-with-ssl-bump/
http://roberts.bplaced.net/index.php/linux-guides/centos-6-guides/proxy-server/squid-transparent-proxy-http-https
</pre>
<pre>
# Generate Private Key
# 2048-bit RSA key. No cipher option is given, so the key file is written
# without a passphrase: file permissions are its only protection, and it
# should be readable by the Squid service account only.
openssl genrsa -out core.privat-network.net.key 2048
</pre>
<pre>
# Create Certificate Signing Request
# Builds a CSR from the key generated above. No subject is given on the
# command line, so openssl is expected to prompt for the subject fields.
openssl req -new -key core.privat-network.net.key -out core.privat-network.net.csr
</pre>
<pre>
# Sign Certificate
# -signkey signs the request with its own key, so the result is self-signed;
# -days 3652 makes it valid for roughly ten years.
openssl x509 -req -days 3652 -in core.privat-network.net.csr -signkey core.privat-network.net.key -out core.privat-network.net.cert
# Bundle key and certificate into the single squid.pem file that the cert=
# option of the https_port line below points at.
# NOTE(review): squid.key / squid.crt do not match the
# core.privat-network.net.key / .cert names generated above - presumably the
# same files under other names; confirm before running.
# squid.pem contains the private key. Anyone who can read it can sign
# certificates that clients trusting this certificate will accept, so keep it
# readable by the Squid service account only.
cat squid.key squid.crt > squid.pem
# Intercepting TLS listener on port 3130 with ssl-bump: Squid generates
# per-host certificates (generate-host-certificates=on) signed with the key
# and certificate in squid.pem.
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/squid.pem
always_direct allow all
# Bump rules: nothing is bumped for the localhost ACL, everything else is
# bumped server-first.
# NOTE(review): none / server-first look like the older ssl_bump action
# names, while the last block on this page uses stare / bump - treat the two
# blocks as alternatives for different Squid versions; confirm against the
# installed release.
ssl_bump none localhost
ssl_bump server-first all
# WARNING: the next two lines switch off validation of the origin server's
# certificate. Squid will then bump connections to servers presenting
# expired, mismatched or forged certificates, and the client only ever sees
# the proxy-generated certificate, so it gets no warning. Suitable for a lab
# only; on a production proxy leave peer verification on and do not allow
# all certificate errors.
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
# Initialise the certificate database for the ssl_crtd helper
# (-c creates it, -s gives its directory).
# NOTE(review): no sslcrtd_program line is shown on this page; confirm that
# the helper Squid starts uses the same /var/lib/ssl_db path.
/usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
# Give the database to the squid user and group so the helper can write to it
# (user.group is the older spelling of user:group).
chown -R squid.squid /var/lib/ssl_db
</pre>
<pre>
# Proxy Aware (non-intercepted traffic)
# Explicit-proxy listener with bumping. options= rules out SSLv2 and SSLv3.
# NOTE(review): version=1 presumably selects automatic protocol negotiation -
# confirm against the squid.conf documentation of the installed release.
http_port 192.168.0.1:3128 ssl-bump cert=/etc/squid/example.com.cert key=/etc/squid/example.com.private generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# Intercepted Traffic
# NOTE(review): cert= points into /etc/squid/ssl/ but key= into /etc/squid/ -
# confirm both paths match where the files were actually placed.
https_port 192.168.0.1:3130 cert=/etc/squid/ssl/core.privat-network.net.cert key=/etc/squid/core.privat-network.net.key ssl-bump intercept generate-host-certificates=on version=1 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# SSL Bump Config
# Both rules match the "all" ACL, so every TLS connection reaching these
# ports is decrypted at the proxy.
# NOTE(review): no exemption is shown for destinations that should not be
# decrypted (banking, health, clients with pinned certificates); consider a
# splice rule for those ahead of these two lines.
ssl_bump stare all
ssl_bump bump all
</pre>
<a href="index.html">Tools Index</a>
<p>This is part of the c9-doc Manual.
Copyright (C) 2016
c9 team.
See the file <a href="fdl-1.3-standalone.html">GNU Free Documentation License</a>
for copying conditions.</p>
</body>
</html>