NTLM: http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy
Everything would be OK if it weren't for the certificate; this is where the trouble starts ;)
Ideally it would be issued by a certificate authority, but this is a private network, so that's no good either.
http://www.banym.de/linux/build-squid-with-enable-ssl-on-debian
edit: /etc/apt/sources.list
deb-src http://ftp.de.debian.org/debian lenny main contrib non-free
deb-src http://backports.debian.org/debian-backports lenny-backports main contrib non-free
deb-src http://volatile.debian.org/debian-volatile/ lenny/volatile main contrib non-free
Next
cd /usr/src
download squid sources:
apt-get source squid
download squid build dependencies:
apt-get build-dep squid
download build dependencies for openssh:
apt-get build-dep openssh
download build dependencies for openssl:
apt-get build-dep openssl
download and install necessary stuff for build process:
apt-get install devscripts build-essential fakeroot
change directory:
cd squid-<version>
edit the build rules and add the --enable-ssl option to the configure section:
vim debian/rules
configure the new options (don’t do a make or make install !!!) :
./configure
compile and build package:
debuild -us -uc -b
redirect incoming HTTP and HTTPS traffic to the squid ports:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 3130
Certificate and public/private key pair generation.
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
Steps to remove the passphrase
cp server.key server.key.old
openssl rsa -in server.key.old -out server.key
Create the server certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Now make some changes to the squid.conf file:
http_port 3128 transparent
https_port 3130 transparent cert=/path/to/server.crt key=/path/to/server.key
Another easy way to create the certificate and the public/private key pair is the genkey utility. To use it, you need the crypto-utils package installed on your machine.
Steps are:
yum -y install crypto-utils
genkey -days 365 squidserver.hostname.com
Hit next.
Select the number of bits for data encryption. The default is 1024. This command will generate random bits.
Generate the certificate.
I suggest never using a passphrase for the key, because if you assign a passphrase to the key, then along with the public key we need to share the passphrase.
The certificate and key are stored in /etc/pki/tls/certs/ and /etc/pki/tls/private/, respectively.
In squid.conf, make the necessary changes like this:
http_port 3128 transparent
https_port 3130 transparent cert=/etc/pki/tls/certs/squidserver.hostname.com.crt key=/etc/pki/tls/private/squidserver.hostname.com.key
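A pre-flight check for whichever cert=/key= pair ends up on the https_port line, covering both the openssl and the genkey procedure above. This is an added example, not part of the original notes: check_squid_pair and MIN_BITS are hypothetical names, and the 2048-bit RSA minimum is this example's assumption.

```shell
#!/bin/sh
# Added example (not from the original page): verify a certificate/key pair
# before naming it on a squid https_port line.
# MIN_BITS is an assumption of this example, not a Squid setting.
MIN_BITS=2048

check_squid_pair() {   # usage: check_squid_pair server.crt server.key
    cert=$1; key=$2; rc=0
    # Squid loads the key unattended, so it must open with an empty passphrase.
    if ! openssl pkey -in "$key" -passin pass: -noout </dev/null 2>/dev/null; then
        echo "FAIL: key is passphrase-protected or not a private key"
        return 1
    fi
    # The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and key do not belong together"; rc=1
    fi
    # RSA key length, parsed from e.g. "Private-Key: (2048 bit, 2 primes)".
    # Non-RSA keys make this command fail, leave bits empty and are skipped.
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: $bits-bit key is shorter than $MIN_BITS bits"; rc=1
    fi
    # Only the owner may access the private key (group/other bits all clear).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: key file is accessible to group or other"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert / $key"
    return "$rc"
}

# Stand-alone use: sh check_pair.sh /path/to/server.crt /path/to/server.key
if [ "$#" -eq 2 ]; then check_squid_pair "$1" "$2"; fi
```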
http://6pmsolutions.com/2013/11/18/squid-transparent-ssl-interception/