Virtual machine: Ubuntu 12.04
$ sudo aptitude install stunnel
$ sudo aptitude install squid3
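The default HTTP port of squid3 is 3128.
In /etc/stunnel/stunnel.conf, foreground = yes is there for debugging. If you manage stunnel with supervisord, this option is also needed.
/etc/stunnel/stunnel.pem: this key/certificate pair is produced as follows. The Common Name is the part that matters most; the other fields can be filled in with anything.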
$ openssl genrsa -out privkey.pem 2048
$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
Common Name (e.g. server FQDN or YOUR name) []:192.168.56.2
$ cat privkey.pem cacert.pem > stunnel.pem
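The bundle can be checked before stunnel loads it and before the certificate is imported on a client. The script below is an added example, not part of the original post: the function names are hypothetical, and it assumes the openssl command-line tool and the key-then-certificate layout produced by the cat command above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity checks for a stunnel.pem
# bundle (private key followed by certificate). Function names are hypothetical.

# Succeeds only if the private key and the certificate carry the same public key.
pem_key_matches_cert() {
    local kpub cpub
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Prints the certificate's Common Name (the field the post says matters most).
pem_cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# Prints the fingerprint to record on the server and compare on the client.
# $2 = digest (default sha256; pass sha1 for viewers that show only SHA-1).
pem_cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint "-${2:-sha256}" | cut -d= -f2
}

# Succeeds only if group and others have no access to the file holding the key.
pem_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Runs every check. $1 = bundle, $2 = expected CN, $3 = minimum days of validity.
check_stunnel_pem() {
    local pem="$1" cn="$2" days="${3:-30}" rc=0
    pem_key_matches_cert "$pem" || { echo "FAIL: key does not match certificate"; rc=1; }
    [ "$(pem_cert_cn "$pem")" = "$cn" ] || { echo "FAIL: CN is not $cn"; rc=1; }
    openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within $days days"; rc=1; }
    pem_is_private "$pem" || { echo "FAIL: readable by group/others (chmod 600)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $(pem_cert_fingerprint "$pem")"
    return "$rc"
}

# Builds a constructed sample bundle with the post's own commands, non-interactively.
make_sample_pem() {   # $1 = output directory, $2 = Common Name
    ( cd "$1" && umask 077 &&
      openssl genrsa -out privkey.pem 2048 2>/dev/null &&
      openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 -subj "/CN=$2" &&
      cat privkey.pem cacert.pem > stunnel.pem )
}
```

For the setup in this post the call would be check_stunnel_pem /etc/stunnel/stunnel.pem 192.168.56.2, run with enough privilege to read the file.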
Run this on the virtual machine 192.168.56.2:
$ sudo stunnel4 /etc/stunnel/stunnel.conf
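Then use this extension: https://chrome.google.com/webstore/detail/falcon-proxy/gchhimlnjdafdlkojbffdkogjhhkdepf Set the proxy type to HTTPS proxy, the host to 192.168.56.2, and the port to 8888.
If you know PAC, you can use:
function FindProxyForURL(url, host) { return "HTTPS 192.168.56.2:8888"; }
What remains is importing the certificate.
On Windows, follow the post below. Open IE and enter https://192.168.56.2:8888
(At step 8, Vista and Win7 should both be done that way.)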
http://productforums.google.com/forum/#!topic/chrome/bds-Ao9LigA
- Open Internet Explorer (IE) and navigate to the site hosting the self-signed certificate.
- IE should display a page warning that, 'There is a problem with this web site's security certificate.'
- Click the, 'Continue to this website (not recommended)' link.
- Once the page has loaded, look to the right of the address bar. A red/pink button, labeled 'Certificate Error,' should be visible. Click that button.
- A pop-up, titled 'Untrusted Certificate,' will appear. Click the 'View certificates' link at the bottom of the pop-up.
- Another pop-up, titled 'Certificate,' will appear. Click the 'Install Certificate...' button.
- The 'Certificate Import Wizard' will be started. Click the 'Next' button.
- For XP:
  - Leave 'Automatically select the certificate...' option selected, and click the 'Next' button.
- For Vista/win7:
  - Choose 'Place all certificates in the following store' option, and click the 'Browse' button.
  - Click the 'Show physical stores' checkbox.
  - Expand the 'Third-Party Root Certification Authorities' folder, and choose 'Local Computer'. Click the 'OK' button.
  - Click the 'Next' button.
- This should display the 'Completing the Certificate Import Wizard' dialog. Click the 'Finish' button.
- A 'Security Warning' pop-up will appear. The warning is informing you that the certificate's origin cannot actually be validated. You should know where the certificate is coming from. If you do, click the 'Yes' button to install the certificate.
- A final pop-up informing you that, 'The import was successful,' will be displayed. Click the 'OK' button.
- Restart/Open Chrome and navigate to the site in question. You should not be greeted by the security warning page.
For importing the certificate on other systems, see:
http://wiki.cacert.org/FAQ/BrowserClients?action=show&redirect=BrowserClients#Linux
http://blog.avirtualhome.com/adding-ssl-certificates-to-google-chrome-linux-ubuntu/
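One last point: if you want to add authentication, you can use squid auth. Squid 2.7 used Apache's basic HTTP auth; I don't know what it looks like in squid3 now. Alternatively, use PAM or the fabled LDAP.
I tinkered with this a while ago and it didn't seem to work. I came across it again today, so I'm archiving it here to try again next time.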