[squid-users] How are others handling missing intermediate certificates?
Josep Borrell
jborrell at central.aplitec.com
Tue Apr 28 06:45:04 UTC 2015
Hi Tom,
Did you saw the thread “ssl_bump peek in squid-3.5.3” from James Lay ?
Maybe can help
Josep
De: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] En nombre de Tom Harris
Enviado el: lunes, 27 de abril de 2015 23:09
Para: squid-users at lists.squid-cache.org
Asunto: [squid-users] How are others handling missing intermediate certificates?
In SSL bump mode, I find I am hitting sites with incomplete certificate chains fairly often. When accessed directly, browsers will work it out - I guess by downloading the missing CA certs.
I know I can load the intermediate CA certs in my system DB as I encounter the issues. But, I'm wondering if others have more proactive solutions. Is there a list of commonly encountered certs, maybe just a subset like the top tier CAs? Or, is this being addressed in code making squid behave like browsers do?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150428/9d87ecc1/attachment.html>
More information about the squid-users
mailing list