relayd ssl forward proxy

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

relayd ssl forward proxy

Bogdan Andu

I need to set-up a forward proxy using relayd with ssl.

My /etc/relayd.conf:

prefork 1

http protocol httpfilter {
        return error

        match label "Prohibited!"
        block url ""

        # New configuration directives for SSL Interception
        ssl ca key "/etc/ssl/private/ca.key" password "Pizda123"
        ssl ca cert "/etc/ssl/ca.crt"

relay sslinspect {
        listen on port 3128 ssl
        protocol httpfilter
        forward with ssl to destination

The password is correct (btw, wouldn't be useful a password-less option?).

And in my  /etc/pf.conf I have:
# Divert incoming HTTPS traffic to relayd
pass in on $ext_if inet proto tcp to port 443 divert-to localhost port 3128

Certificate and key were generated using command (with above password):
$ sudo  openssl req -x509 -days 365 -newkey rsa:2048 -keyout
/etc/ssl/private/ca.key -out /etc/ssl/ca.crt

however when executing :
$  sudo /usr/sbin/relayd  -vv -d -f /etc/relayd.conf
/etc/relayd.conf:39: cannot load certificates for relay sslinspect
no actions, nothing to do
hce exiting, pid 3636
ca exiting, pid 30905
pfe exiting, pid 31337
relay exiting, pid 11039

System: 5.6/amd64

Why the certificate cannot be loaded?