1/ Install openssl and libssl-dev packages
# aptitude install openssl libssl-dev

2/ Donwload squid sources on http://www.squid-cache.org/

3/ Configure it with the openssl option, compile it and install it
# ./configure –enable-ssl –with-openssl=/usr/include/openssl/
# make
# make install

4/ Create necessary certificates (source)
– Creating a private CA –

Go to the OpenSSL bin directory (/usr/local/ssl/misc by default).
There should be a script called CA.sh (and a CA.pl that does the same stuff). This hides all the gruesome details of how this works. Without the script this is a very annoying process.
su to root
Make sure that the OpenSSL bin directory is in your path.

# ./CA.sh -newca

When prompted for CA filename hit return.
Answer the rest of the questions intelligently. The common name would be how this certificate might be referred to. For example, the Equifax Secure CA uses the common name of Equifax Secure Certificate Authority.

– Creating certificates –

# ./CA.sh -newreq

This creates an unsigned certificate request.
The procedure is the same as creating a private CA except you’ll want to use the name of the host that will use the certificate as the common name (host.domain.com). If they don’t match, the client will not like it.
You probably don’t want to use the same passphrase for this as you did with the CA.

# ./CA.sh -sign

It will ask for a PEM pass phrase, that’s the passphrase you set for the private CA you created.
This signs the certificate that you just created with the CA you created just moments before. You can generate multiple certificates. You’ll probably need to. For example, mail.foo.com and www.foo.com each need their own certificate.
The signed certificate is now in the current directory as newcert.pem. If you are going to create more, you should rename this or it will be overwritten be subsequent signatures.

4/ Removing password from key.pem
# mv key.pem key.pem.withpass
# openssl rsa -in key.pem.withpass -out key.pem

5/ Edit /usr/local/squid/etc/squid.conf
http_port 3128 vhost defaultsite=yoursite.com

https_port 443 vhost cert=/path_to/cert.pem key=/path_to/key.pem cafile=/path_to/cacert.pem defaultsite=yoursite.com versi
on=2

cache_peer yoursite.com parent 80 0 no-query originserver

6/ Create squid cache directories and launch squid
# /usr/local/squid/sbin/squid -z
# /usr/local/squid/sbin/squid

Fonte http://www.brichet.be/how-to-setup-a-reverse-proxy-server-over-ssl-squid-debian/

To start with, you'll need OpenSSL. Compilation and installation follow the usual methods. It's worth while to note that the default installs everything in /usr/local/ssl. No need to change this (unless you want to).

After you have this installed, you may want to edit the OpenSSL configuration file with the information for your site so you have pleasant defaults when creating and signing certificates. You'll find this in /usr/local/ssl/openssl.cnf in the section req_distinguished_name Here you can set the defaults (denoted by the _default appended to the variable name). Any settings that do not have a default, such as localityName can have one set by appending _default. In this case you'd set localityName_default.

Now, we move on to creating a private Certificate Authority (CA). First, some explanation. The CA is used in SSL to verify the authenticity of a given certificate. The CA acts as a trusted third party who has authenticated the user of the signed certificate as being who they say. The certificate is signed by the CA, and if the client trusts the CA, it will trust your certificate. For use within your organization, a private CA will probably serve your needs. However, if you intend use your certificates for a public service, you should probably obtain a certificate from a known CA.

In addition to identification, your certificate is also used for encryption. If you're thinking a certificate sounds similar to a PGP key, you're right. They use many of the same methods. Something else PGP and SSL have in common is the RSA encryption algorithm, which is patented. This patent expires in September of 2000, so after that you'll be free to use tools with the RSA algorithm (like OpenSSL). Until that time, to legally use RSA you need a license. RSA Data Security usually allows non-commercial use of the RSA algorithm for academic purposes.

Creating a private CA

• Go to the OpenSSL bin directory (/usr/local/ssl/misc by default).
• There should be a script called CA.sh (and a CA.pl that does the same stuff). This hides all the gruesome details of how this works. Without the script this is a very annoying process.
• su to root
  • Make sure that the OpenSSL bin directory is in your path.
• ./CA.sh -newca
  • When prompted for CA filename hit return.
  • Answer the rest of the questions intelligently. The common name would be how this certificate might be referred to. For example, the Equifax Secure CA uses the common name of Equifax Secure Certificate Authority.

Creating certificates

• ./CA.sh -newreq
  • This creates an unsigned certificate request.
  • The procedure is the same as creating a private CA except you'll want to use the name of the host that will use the certificate as the common name (host.domain.com). If they don't match, the client will not like it.
  • You probably don't want to use the same passphrase for this as you did with the CA.
• ./CA.sh -sign
  • It will ask for a PEM pass phrase, that's the passphrase you set for the private CA you created.
  • This signs the certificate that you just created with the CA you created just moments before. You can generate multiple certificates. You'll probably need to. For example, mail.foo.com and www.foo.com each need their own certificate.
• The signed certificate is now in the current directory as newcert.pem. If you are going to create more, you should rename this or it will be overwritten be subsequent signatures.

Creating client-side certificates

• openssl pkcs12 -export -in certs.pem -inkey certs.key -out file.p12 -name "Client Certificate"

vi é mai capitato di aver installato tante di quelle cose che non sapete più come liberare il telefono?Oppure il telefono fa le bizze e non capite il perchè?

La soluzione in molti casi é un bel deep reset!

Il deep reset può essere fatto in questi tre modi a seconda del vostro smartphone:

- *#7370#
- *#7780#
- accendi il cel pigiando contemporaneamente *+tasto verde+3 e il tasto di accensione fino alla schermata delle mani nokia
 

Spero di esser stato d'aiuto.

A presto

 Tag:  nokia,  smartphone,  reset 

il fido outlook ha tentato di proteggermi anche da questo file access!!! Un pò troppo esagerato no?

Vediamo come risolvere il problema:

apriamo regedit e andiamo alla radice

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security (12.0 dipende dalla vostra versione di office)

creiamo una nuova chiave di tipo stringa e chiamiamola "Level1Remove"

editiamo tale stringa inserendo le estensioni dei file separati da ; che volete far aprire ad outlook ( esempio -> mdb;zip;rar;exe )

Ora aprite outlook :)

 Tag:  outlook,  blocco allegati,