Web lists-archives.com

Re: https_port




On Thu, Jun 08, 2017 at 11:18:16AM -0700, Adiel Plasencia Herrera wrote:
  Hello,
  I do not look for security, is that having no real internet ip in my
  company I need certain programs to go to the internet and for that I
  use proxycap (http://www.proxycap.com/) that makes me this function
  perfectly through the proxy . What happens is that with HTTP does not
  work and I need to pass my squid to use HTTPS authentication for the
  program (proxycap) to work well.

I don't think squid works with NTP at all, but it's been a few years
since I played with Squid, so maybe someone else will be able to give
better advice.


  A friend told me that for https_port to work I needed validated
  certificates, not self-generated ones. I do not know to what extent
  this has to be so because the configuration I need is customized for
  me only and would be internal to my company that does not have
  visibility to the internet because this squid is a child of another
  that is the one that has the real internet ip .

  I need the help to correctly create those certificates and the
  options to put in the line https_port.

  I am very novice in squid and linux.

  Thank you

    -----Original Message-----
    From: Henrique de Moraes Holschuh <hmh@xxxxxxxxxx>
    To: debian-user@xxxxxxxxxxxxxxxx
    Date: Thu, 8 Jun 2017 11:55:38 -0300
    Subject: Re: https_port

    On Thu, 08 Jun 2017, Darac Marjal wrote:
    > On Thu, Jun 08, 2017 at 08:41:14AM -0700, Adiel Plasencia Herrera
    wrote:
    > >How to generate the certificate and the key to make a very
    > >basic  configuration of the https connection.
    >
    > NTP doesn't use HTTPS. It uses its own port, it's own protocol
    and
    > implements standard cryptography in a manner more suited to the
    > protocol.
    >
    > See [1]https://www.eecis.udel.edu/~mills/ntp/html/autokey.html
    for more
    > details.

    Don't bother with autokey, it is not worth the pain.  If you can
    use ntp
    symmetric key authentication, that one should take care of your
    servers
    well enough.

    There is no security for anything that is based on SNTP, though
    (that
    "S" is for Simple, not Secure), you'd have to do it in a lower
    layer
    (local firewall, IPSEC AH, whatever).

    --
      Henrique Holschuh

References

  Visible links
  1. https://www.eecis.udel.edu/~mills/ntp/html/autokey.html

--
For more information, please reread.

Attachment: signature.asc
Description: PGP signature