1. Update koleksi
ports di FreeBSD untuk mendapatkan versi terbaru dan terupdate:# portsnap fetch
# portsnap extract
# portsnap updateSVN# svn checkout svn://svn.freebsd.org/ports/head /usr/portsSSLBump:# cd /usr/ports/www/squid
# make menuSSL dan ssl_crtd support dicentang!
# make install clean# mkdir /usr/local/squid/ssl_db (Untuk penyimpanan cert-cache)
# chown -R squid:squid /usr/local/squid/ssl_db
# mkdir /usr/local/etc/squid/certs (Untuk penyimpanan cert self-signing)
# chown -R squid:squid /usr/local/etc/squid/certssquid:
# cd /usr/local/etc/squid/certs
# openssl req -new -newkey rsa:1024 -days 1365 -nodes -x509 -keyout squid.pem -out squid.pem
# openssl x509 -in squid.pem -outform DER -out squid.der (DER Format)
# openssl x509 -in squid.pem -outform DER -out squid.crt (CRT Format)
squid.conf:
# grep ssl /usr/local/etc/squid/squid.conf
https_port yyy.yyy.yyy.yyy:xxxx transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/etc/squid/certs/squid.pem
ssl_bump splice localhost
ssl_bump server-first all
ssl_bump bump all
sslproxy_cert_error deny all
sslproxy_flags DONT_VERIFY_PEER
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /usr/local/squid/ssl_db -M 4MB
sslcrtd_children 32 startup=5 idle=1
# /usr/local/libexec/squid/ssl_crtd -c -s /usr/local/etc/squid/certs/ssl_db (Initialized SSLdb)
# /usr/local/etc/rc.d/squid start
squid:# vim /etc/rc.firewall
${fwcmd} add 10 fwd ${ipproxy},${porthttpsproxy} tcp from ${ipclient} to any dst-port ${porthttps} in via ${ifint0}
ipproxy="ip_proxy_server"
porthttpsproxy="port_squid_for_https" // See squid.conf.manual for detail
ipclient="ip_client" // For example: 192.168.0.0/24
porthttps="443" // HTTPS port default
ifint0="LAN_eth" // Ethernet connected to LAN directly
# vim /etc/pf.conf
rdr pass on $ifint0 proto tcp from $ipclient to any port 443 -> $ipproxy port $porthttpsproxy
squid.der (Windows aja) atau squid.crt (untuk format Android/Windows):C:\> certmgr.msc (Simpan di bagian CA certificate, klik2 aja deh sendiri...)