[squid-users] Using subordinate CA for SSL Bump

Walter H. Walter.H at mathemainzel.info
Fri Dec 18 04:48:03 UTC 2015


On 17.12.2015 18:01, Alex Rousskov wrote:
> On 12/17/2015 03:12 AM, Yuri Voinov wrote:
>> This looks like. Root CA doesn't send. Subordinate CA uses as signer for
>> mimicked. All and any clients got security alert.
>
> There may still be some terminology misunderstanding here because not
> sending the root certificate is the right thing to do
as a correctly configured web server does;
this sends only its SSL certificate with the issuing intermediate plus 
any other intermediate certificate,
but no root certificate ...

so in this case there is just the intermediate certificate, the one squid
uses for SSL bump;
the root certificate is installed on the clients and both the mimicked 
and the intermediate are sent by squid,
and all is fine;
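
The chain layout described in this thread, as an added example that is not part of the original messages or of Squid: a throwaway root, subordinate CA and leaf are built with the openssl CLI and then checked the way a client that trusts only the root would check them. All names and paths are constructed, and the leaf only stands in for a certificate Squid would mimic.

```shell
#!/bin/sh
# Constructed demo; every name (Demo Root CA, Demo Bump Sub CA, www.example.test) is made up.
set -eu

# new_cert DIR NAME CN EXT_SECTION [ISSUER]: key + certificate, self-signed when ISSUER is absent.
new_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  if [ -n "${5:-}" ]; then
    openssl x509 -req -in "$1/$2.csr" -days 30 -CA "$1/$5.pem" -CAkey "$1/$5.key" \
      -CAcreateserial -extfile "$1/ext.cnf" -extensions "$4" -out "$1/$2.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1/$2.csr" -days 30 -signkey "$1/$2.key" \
      -extfile "$1/ext.cnf" -extensions "$4" -out "$1/$2.pem" 2>/dev/null
  fi
}

build_chain() {  # $1 = work directory
  cat > "$1/ext.cnf" <<'EOF'
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[sub]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF
  new_cert "$1" root "Demo Root CA" root            # installed on clients, never sent
  new_cert "$1" sub  "Demo Bump Sub CA" sub root    # the signer the proxy would use
  new_cert "$1" leaf "www.example.test" leaf sub    # stands in for a mimicked certificate
}

# client_accepts ROOT LEAF [SENT_INTERMEDIATES]: succeed only if LEAF chains up to ROOT.
client_accepts() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1
  else
    openssl verify -CAfile "$1" "$2" 2>&1
  fi | grep -q ': OK$'
}

work=$(mktemp -d)
build_chain "$work"
client_accepts "$work/root.pem" "$work/leaf.pem" "$work/sub.pem" && echo "leaf + intermediate sent: accepted"
client_accepts "$work/root.pem" "$work/leaf.pem" || echo "leaf sent without intermediate: rejected"
rm -rf "$work"
```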
