[squid-users] Using subordinate CA for SSL Bump
marcus.kool at urlfilterdb.com
Mon Dec 14 23:48:04 UTC 2015
On 12/14/2015 09:16 PM, Amos Jeffries wrote:
> With all that looking hopeful, and the certs identified as the secondary
> chain being attached (everything except the firstprimary/signing cert).
> I'm not actually finding anywhere sending the actual signing certificate
> itself during the bumping steps. So Squid may be horribly sending
> all-but-one of the certs needed, on the assumption that the signing cert
> is itself installed on the client.
The RFC says that it is not necessary to send the signing CA certificate.
More information about the squid-users