I would like to set up a transparent SSL corporate proxy with either Privoxy or Squid.
One of the snags in my plan is understanding what kind of SSL certificate is required. I know I can get a multi-domain / wildcard SSL certificate; however, that is only intended to cover sub-domains for a single organization. It would seem that I need a wildcard cert for every TLD now and future on the planet.
I do not want security warnings popping up when users go through the proxy due to security-checks failing; I would also like to avoid installing a manual CA trust in browsers if possible. However, if commercial solutions are not feasible, what solutions are available for a self-signed cert?
Questions:
- Is this possible?
- If all constraints cannot be met, what is the best I can do?
- What is the least-cost path to success in a mixed Windows / Linux environment with the following browsers supported: IE, Firefox, Chrome?