[CentOS] Squid and HTTPS interception on CentOS 7 ?

Mon Mar 5 15:30:57 UTC 2018
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On 03/05/18 06:34, Nicolas Kovacs wrote:
> Le 05/03/2018 à 13:30, Nux! a écrit :
>> You could probably just drop your CA cert in the filesystem and run a
>> couple of commands to get it imported, rather than having to import
>> the CA in the browsers individually. You could probably deliver it
>> via yum/rpm or better yet, ansible or even some shell script.
> I will have to use this in environments with mainly Windows, OS X and
> iOS clients. I'm still thinking about how to do this, but I guess I'll
> just setup a local web page on the server, with a link to download the
> certificate file and short instructions on how to install it on the most
> common browsers (Internet Explorer, Edge, Firefox, Chrome, Safari, ...).

Sorry, I missed the beginning of this thread. This sounds to me like 
running one's own Certification Authority. I did that a while ago for 
over a decade. However, these days one may consider


- you will have to run web server to have certificate signed by them, 
but pointing other services to use that same certificate/secret key pair 
will work.

Just my $0.02


> Niki

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247