I have Squid Setup as a transparent HTTP+HTTPS proxy in my network, using SSL-Bump. I am having trouble with a handful of domains and those domains showing me cert errors while dumping and splicing, self-signed certificate in the chain, that way I've written the below rule to bump all the requests.
# peek on SslBump1 step
ssl_bump peek step1 all
# just tunnel (no decryption) based on whitelisting (domains)
ssl_bump splice ssl_exclude_domains
#ssl_bump splice all
ssl_bump bump all
The above squid config working fine but it is allowing all the requests, I want to bypass all cert errors via squid to the destination server and also whitelist some domains so I can easily block non-whitelisted domains.
Can anyone help me, how can whitelist domains and exclude domains that have cert errors?
