Author Topic: Squid without Certificate is it Possible (Read 8445 times)

khairy.boub · « **on:** September 19, 2017, 11:09:02 am »

HI Team,
I have seen many tutorials of Squid Proxy HTTPS inspection they say we need to install the certificate in every clients machine to work.!!!!
it Possible run Squid Proxy HTTPS inspection without install certificate in all machine

bartjsmit · « **Reply #1 on:** September 19, 2017, 11:36:22 am »

Basic cryptography says no. Squid needs to sit in the layer 7 traffic and it needs to decrypt the traffic for that. The only way it can do that is by establishing the TLS connection with the client on a trusted certificate.

Bart...

khairy.boub · « **Reply #2 on:** September 19, 2017, 11:57:09 am »

Thank you
i haves 100 pc in my network

no solution !!

fabian · « **Reply #3 on:** September 19, 2017, 12:08:47 pm »

If those 100 PCs are windows computers and belong to an AD domain, you can use a group policy. On most other operating systems, it should be possible to roll out the certificate using SSH.

khairy.boub · « **Reply #4 on:** September 19, 2017, 12:15:28 pm »

good idea
thank you

bartjsmit · « **Reply #5 on:** September 19, 2017, 06:28:12 pm »

Puppet, chef and ansible are perfect for this type of task on non-windows clients.

Bart...

Author Topic: Squid without Certificate is it Possible (Read 8445 times)

khairy.boub

Squid without Certificate is it Possible

bartjsmit

Re: Squid without Certificate is it Possible

khairy.boub

Re: Squid without Certificate is it Possible

fabian

Re: Squid without Certificate is it Possible

khairy.boub

Re: Squid without Certificate is it Possible

bartjsmit

Re: Squid without Certificate is it Possible