Re: https_port

To: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: https_port
From: "Adiel Plasencia Herrera" <adielp@estereocentro.icrt.cu>
Date: Thu, 08 Jun 2017 11:18:16 -0700
Message-id: <[🔎] WC20170608181816.90000A@estereocentro.icrt.cu>
In-reply-to: <[🔎] 20170608145538.GA30864@khazad-dum.debian.net>
References: <[🔎] bfcd898b-8410-47c9-9698-8fa316bd6ab9@googlegroups.com> <[🔎] 201706071035.23320.gheskett@shentel.net> <[🔎] 20170607145426.xlzfx224sfsvgsmh@darac.org.uk> <[🔎] 201706071900.52974.gheskett@shentel.net> <[🔎] 20170608122050.cboakdl73r4eftkm@darac.org.uk> <[🔎] WC20170608154114.130004@estereocentro.icrt.cu> <[🔎] 20170608131958.ptcbxhyehacvvibm@darac.org.uk> <[🔎] 20170608145538.GA30864@khazad-dum.debian.net>

Hello,
I do not look for security, is that having no real internet ip in my company I need certain programs to go to the internet and for that I use proxycap (http://www.proxycap.com/) that makes me this function perfectly through the proxy . What happens is that with HTTP does not work and I need to pass my squid to use HTTPS authentication for the program (proxycap) to work well.

A friend told me that for https_port to work I needed validated certificates, not self-generated ones. I do not know to what extent this has to be so because the configuration I need is customized for me only and would be internal to my company that does not have visibility to the internet because this squid is a child of another that is the one that has the real internet ip .

I need the help to correctly create those certificates and the options to put in the line https_port.

I am very novice in squid and linux.

Thank you

-----Original Message-----
From: Henrique de Moraes Holschuh <hmh@debian.org>
To: debian-user@lists.debian.org
Date: Thu, 8 Jun 2017 11:55:38 -0300
Subject: Re: https_port

On Thu, 08 Jun 2017, Darac Marjal wrote:
> On Thu, Jun 08, 2017 at 08:41:14AM -0700, Adiel Plasencia Herrera wrote:
> >How to generate the certificate and the key to make a very
> >basic configuration of the https connection.
>
> NTP doesn't use HTTPS. It uses its own port, it's own protocol and
> implements standard cryptography in a manner more suited to the
> protocol.
>
> See https://www.eecis.udel.edu/~mills/ntp/html/autokey.html for more
> details.

Don't bother with autokey, it is not worth the pain. If you can use ntp
symmetric key authentication, that one should take care of your servers
well enough.

There is no security for anything that is based on SNTP, though (that
"S" is for Simple, not Secure), you'd have to do it in a lower layer
(local firewall, IPSEC AH, whatever).

--
Henrique Holschuh

Reply to:

Follow-Ups:
- Re: https_port
  - From: Darac Marjal <mailinglist@darac.org.uk>

References:
- NTP.conf pool vs server
  - From: ray <ray@aarden.us>
- Re: NTP.conf pool vs server
  - From: Gene Heskett <gheskett@shentel.net>
- Re: NTP.conf pool vs server
  - From: Darac Marjal <mailinglist@darac.org.uk>
- Re: NTP.conf pool vs server
  - From: Gene Heskett <gheskett@shentel.net>
- Re: NTP.conf pool vs server
  - From: Darac Marjal <mailinglist@darac.org.uk>
- Re: https_port
  - From: "Adiel Plasencia Herrera" <adielp@estereocentro.icrt.cu>
- Re: https_port
  - From: Darac Marjal <mailinglist@darac.org.uk>
- Re: https_port
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: https_port
Next by Date: Re: https_port
Previous by thread: Re: https_port
Next by thread: Re: https_port
Index(es):
- Date
- Thread