Install certificate authority for upstream proxy?


How does one add a CA for an upstream proxy?

Would it need to be added by hand in /etc/ssl/certs somehow considering update-ca-certificates is unavailable…

cat ./upstream-ca.crt >> /etc/ssl/certs/ca-bundle.crt


Hello @sevenqueue. Welcome to our community.

IPFire has removed SSL support in Squid years ago. Without SSL bumping mode, Squid generally operates as a pass-through for SSL traffic, which means it wouldn’t inspect or manipulate the SSL certificate from the upstream proxy. Therefore, you would not need to install the CA certificate of the upstream proxy in Squid running on IPFire in that scenario. The SSL handshake and certificate verification would be done directly between the client and the upstream proxy.

1 Like

I probably should have mentioned I needed to add the cert for pakfire otherwise it blocked updates etc. The above cat command did the trick.