Squid without Certificate is it Possible

khairy.boub · September 19, 2017, 11:09:02 AM

HI Team,
I have seen many tutorials of Squid Proxy HTTPS inspection they say we need to install the certificate in every clients machine to work.!!!!
it Possible run Squid Proxy HTTPS inspection without install certificate in all machine

bartjsmit · September 19, 2017, 11:36:22 AM

Basic cryptography says no. Squid needs to sit in the layer 7 traffic and it needs to decrypt the traffic for that. The only way it can do that is by establishing the TLS connection with the client on a trusted certificate.

Bart...

khairy.boub · September 19, 2017, 11:57:09 AM

Thank you
i haves 100 pc in my network :'( :'( no solution !!

fabian · September 19, 2017, 12:08:47 PM

If those 100 PCs are windows computers and belong to an AD domain, you can use a group policy. On most other operating systems, it should be possible to roll out the certificate using SSH.

khairy.boub · September 19, 2017, 12:15:28 PM

good idea
thank you

bartjsmit · September 19, 2017, 06:28:12 PM

Puppet, chef and ansible are perfect for this type of task on non-windows clients.

Bart...

Squid without Certificate is it Possible

khairy.boub

September 19, 2017, 11:09:02 AM

bartjsmit

September 19, 2017, 11:36:22 AM #1

khairy.boub

September 19, 2017, 11:57:09 AM #2

fabian

September 19, 2017, 12:08:47 PM #3

khairy.boub

September 19, 2017, 12:15:28 PM #4

bartjsmit

September 19, 2017, 06:28:12 PM #5