[squid-users] How to know, which CA certificate is absent?
Yuri Voinov
yvoinov at gmail.com
Thu Jan 15 11:14:19 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Is it possible to know though URL, wich is got an error?
Because of messsage not informative itself.
15.01.2015 17:10, Amos Jeffries пишет:
> On 16/01/2015 12:00 a.m., Yuri Voinov wrote:
>
> > Hi gents,
>
> > I have question.
>
> > Look:
>
> > 2015/01/15 16:48:50 kid1| clientNegotiateSSL: Error negotiating
> > SSL connection on FD 209: error:14094418:SSL
> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15
> > 16:50:50 kid1| clientNegotiateSSL: Error negotiating SSL connection
> > on FD 216: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> > unknown ca (1/0) 2015/01/15 16:52:51 kid1| clientNegotiateSSL:
> > Error negotiating SSL connection on FD 42: error:14094418:SSL
> > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15
> > 16:54:54 kid1| clientNegotiateSSL: Error negotiating SSL connection
> > on FD 107: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> > unknown ca (1/0)
>
> > Question is: How to debug SSL bump to know, which intermediate
> > certificate is absent in capath to get and install it to avoid
> > this annoying messages?
>
> The message is generated by OpenSSL and is all we get given.
>
> AFAIK a manual test using the openssl command line tool is needed to
> find out more.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJUt6ELAAoJENNXIZxhPexGHi0IALp9w7bNWyXZ2dlaK4/Gxx2R
4l/FkP54lYhP6IASFbUqBFTdIL6HqRorlnrB0+Dk2FfaR6T316OMmC6fBXMCE3WO
gbpdFwp5hX3EE3IqV4pSzYW0EWkVQ9oJ/NIBVj3NzHm1S4UQqGuGi+3NwbMuH1hX
YfZCYgEJrrpSQrcy908VyAKqbjeiSxRdtKMpu4MUPP9y+Z/iQ3HJYIff5clLbS+c
TaWr17Epk/Mhg+YzFG+2isLlzXakhVcyHx13sJtY8dzaRhk8yav5Fo0qroRKlYzA
QPsy2BcBziah6XV2E5Dk+Hfevir01gGijXy0MCDVXJds8rAGcLPO1AXlm6PedlE=
=Bn++
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150115/ebd1c8a4/attachment.html>
More information about the squid-users
mailing list