[CentOS] Squid and HTTPS interception on CentOS 7 ?

Mon Mar 5 16:49:15 UTC 2018
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On 03/05/18 10:21, Nicolas Kovacs wrote:
> Le 05/03/2018 à 16:30, Valeri Galtsev a écrit :
>> Sorry, I missed the beginning of this thread. This sounds to me like
>> running one's own Certification Authority. I did that a while ago for
>> over a decade. However, these days one may consider
>> https://letsencrypt.org/
>> - you will have to run web server to have certificate signed by them,
>> but pointing other services to use that same certificate/secret key pair
>> will work.
> I do use LetsEncrypt for all my public certificates. But I can't use it
> on a local machine with a hostname like server.company.lan. This is
> simply not possible.

Yes, it is not. They do verify on publicly accessible server that that 
host is the one you have assess to, and certainly no CA authority will 
sign certificate for private address space. I missed the beginning of 
the thread which was edited away from what I was replying to...


> Niki

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247