Nice, thanks for sharing.

You could probably just drop your CA cert in the filesystem and run a couple of commands to get it imported, rather than having to import the CA in the browsers individually.
You could probably deliver it via yum/rpm or better yet, ansible or even some shell script.

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Nicolas Kovacs" <info at microlinux.fr>
> To: "CentOS mailing list" <centos at centos.org>
> Sent: Monday, 5 March, 2018 12:04:59
> Subject: Re: [CentOS] Squid and HTTPS interception on CentOS 7 ?

> On 28/02/2018 at 22:23, Nicolas Kovacs wrote:
>> So far, I've only been able to filter HTTP.
>>
>> Do any of you do transparent HTTPS filtering ? Any suggestions,
>> advice, caveats, do's and don'ts ?
>
> After a week of trial and error, transparent HTTPS filtering works
> perfectly. I wrote a detailed blog article about it.
>
> https://blog.microlinux.fr/squid-https-centos/
>
> Cheers,
>
> Niki
>
> --
> Microlinux - Solutions informatiques durables
> 7, place de l'église - 30730 Montpezat
> Site : https://www.microlinux.fr
> Blog : https://blog.microlinux.fr
> Mail : info at microlinux.fr
> Tél. : 04 66 63 10 32
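What "drop the CA cert in the filesystem and run a couple of commands" can look like on a CentOS 7 client, as an added example that is not part of the thread or of the linked blog article. The anchors directory and `update-ca-trust` are the stock CentOS 7 mechanism; the file name `squid-ca.crt`, the script name and the optional fingerprint argument are assumptions.

```bash
#!/bin/bash
# Added example: validate an interception CA before trusting it system-wide.
# Assumed names: squid-ca.crt, install-ca.sh, and the pinned fingerprint argument.

SYSTEM_ANCHORS=/etc/pki/ca-trust/source/anchors

# install_ca_anchor CERT [EXPECTED_SHA256_FP] [ANCHORS_DIR]
# Returns 0 only if CERT was validated and copied into ANCHORS_DIR.
install_ca_anchor() {
    local cert=$1 expected=${2:-} dest=${3:-$SYSTEM_ANCHORS} fp

    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }

    # Must parse as a PEM X.509 certificate at all.
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { echo "$cert is not a PEM certificate" >&2; return 1; }

    # Refuse leaf certificates: only a CA (basicConstraints CA:TRUE) belongs here.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' \
        || { echo "$cert is not a CA certificate" >&2; return 1; }

    # Refuse a certificate that has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "$cert has expired" >&2; return 1; }

    # Compare the SHA-256 fingerprint with one obtained out of band, if given.
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256)
    fp=$(printf '%s' "${fp#*=}" | tr 'a-f' 'A-F')
    if [ -n "$expected" ] && [ "$fp" != "$(printf '%s' "$expected" | tr 'a-f' 'A-F')" ]; then
        echo "fingerprint mismatch: got $fp" >&2
        return 1
    fi

    mkdir -p "$dest" && install -m 0644 "$cert" "$dest/" || return 1
    echo "installed $(basename "$cert") sha256=$fp"

    # Rebuild the consolidated bundles only when touching the real trust store.
    if [ "$dest" = "$SYSTEM_ANCHORS" ]; then
        update-ca-trust extract || return 1
    fi
}

# Run as root: ./install-ca.sh squid-ca.crt 'AB:CD:...'
if [ "$#" -gt 0 ]; then install_ca_anchor "$@"; fi
```

Passing the fingerprint as the second argument lets an rpm scriptlet or ansible task refuse a CA file that was swapped in transit.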
On 05/03/2018 at 13:30, Nux! wrote:
> You could probably just drop your CA cert in the filesystem and run a
> couple of commands to get it imported, rather than having to import
> the CA in the browsers individually. You could probably deliver it
> via yum/rpm or better yet, ansible or even some shell script.

I will have to use this in environments with mainly Windows, OS X and iOS clients. I'm still thinking about how to do this, but I guess I'll just set up a local web page on the server, with a link to download the certificate file and short instructions on how to install it on the most common browsers (Internet Explorer, Edge, Firefox, Chrome, Safari, ...).

Niki
On 03/05/18 06:34, Nicolas Kovacs wrote:
> On 05/03/2018 at 13:30, Nux! wrote:
>> You could probably just drop your CA cert in the filesystem and run a
>> couple of commands to get it imported, rather than having to import
>> the CA in the browsers individually. You could probably deliver it
>> via yum/rpm or better yet, ansible or even some shell script.
>
> I will have to use this in environments with mainly Windows, OS X and
> iOS clients. I'm still thinking about how to do this, but I guess I'll
> just set up a local web page on the server, with a link to download the
> certificate file and short instructions on how to install it on the most
> common browsers (Internet Explorer, Edge, Firefox, Chrome, Safari, ...).

Sorry, I missed the beginning of this thread. This sounds to me like running one's own Certification Authority. I did that a while ago for over a decade. However, these days one may consider https://letsencrypt.org/ - you will have to run a web server to have a certificate signed by them, but pointing other services to use that same certificate/secret key pair will work.

Just my $0.02

Valeri

>
> Niki
>

--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++