OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: khairy.boub on September 19, 2017, 11:09:02 am

Title: Squid without Certificate is it Possible
Post by: khairy.boub on September 19, 2017, 11:09:02 am
Hi Team,
I have seen many tutorials on Squid Proxy HTTPS inspection; they say we need to install the certificate on every client machine for it to work!
Is it possible to run Squid Proxy HTTPS inspection without installing the certificate on all machines?
Title: Re: Squid without Certificate is it Possible
Post by: bartjsmit on September 19, 2017, 11:36:22 am
Basic cryptography says no. Squid needs to sit in the layer 7 traffic and it needs to decrypt the traffic for that. The only way it can do that is by establishing the TLS connection with the client on a trusted certificate.

Bart...
Title: Re: Squid without Certificate is it Possible
Post by: khairy.boub on September 19, 2017, 11:57:09 am
Thank you
I have 100 PCs in my network :'( :'( no solution!!
Title: Re: Squid without Certificate is it Possible
Post by: fabian on September 19, 2017, 12:08:47 pm
If those 100 PCs are Windows computers and belong to an AD domain, you can use a group policy. On most other operating systems, it should be possible to roll out the certificate using SSH.
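
The SSH rollout suggested in the reply above, as an added example that is not part of the original post or of OPNsense: it pushes the proxy's CA certificate into the system trust store of Debian-family or RHEL-family clients and refuses any file that contains a private key. The function names, the `root@` login and the host and CA names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: roll out a TLS-inspection CA certificate to Linux clients over SSH.

# Accept only a file holding exactly one public certificate. The CA private
# key must stay on the proxy; a bundle that includes it is rejected.
is_public_cert_only() {
    [ -r "$1" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    if grep -q -- 'PRIVATE KEY-----' "$1"; then return 1; fi
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ]
}

# Print the remote command that reads the certificate on stdin and installs it
# in the system trust store. $1 = distro family, $2 = file name for the CA.
remote_install_cmd() {
    case "$1" in
        debian) echo "umask 022 && cat > /usr/local/share/ca-certificates/$2.crt && update-ca-certificates" ;;
        rhel)   echo "umask 022 && cat > /etc/pki/ca-trust/source/anchors/$2.crt && update-ca-trust extract" ;;
        *)      return 1 ;;
    esac
}

# deploy_ca CA_FILE NAME FAMILY HOST...
deploy_ca() {
    ca_file=$1; name=$2; family=$3; shift 3
    is_public_cert_only "$ca_file" || {
        echo "refusing: $ca_file is not a single public certificate" >&2; return 2; }
    cmd=$(remote_install_cmd "$family" "$name") || {
        echo "unknown distro family: $family" >&2; return 2; }
    failed=0
    for host in "$@"; do
        # Stream the certificate over the SSH channel; no temp file on the client.
        if ssh "root@$host" "$cmd" < "$ca_file"; then
            echo "ok: $host"
        else
            echo "FAILED: $host" >&2; failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Runs only when called with arguments, e.g. (constructed names):
#   ./deploy-ca.sh proxy-ca.crt proxy-inspection-ca debian pc01 pc02
if [ "$#" -ge 4 ]; then deploy_ca "$@"; fi
```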
Title: Re: Squid without Certificate is it Possible
Post by: khairy.boub on September 19, 2017, 12:15:28 pm
Good idea,
thank you
Title: Re: Squid without Certificate is it Possible
Post by: bartjsmit on September 19, 2017, 06:28:12 pm
Puppet, Chef and Ansible are perfect for this type of task on non-Windows clients.

Bart...