[squid-users] Using subordinate CA for SSL Bump

Marcus Kool marcus.kool at urlfilterdb.com
Mon Dec 14 23:48:04 UTC 2015



On 12/14/2015 09:16 PM, Amos Jeffries wrote:

> With all that looking hopeful, and the certs identified as the secondary
> chain being attached (everything except the firstprimary/signing cert).
> I'm not actually finding anywhere sending the actual signing certificate
> itself during the bumping steps. So Squid may be horribly sending
> all-but-one of the certs needed, on the assumption that the signing cert
> is itself installed on the client.

The RFC says that it is not necessary to send the signing CA certificate.

Marcus

> Amos


More information about the squid-users mailing list