[squid-users] ssl-bump doesn't like valid web server

Jason Haar Jason_Haar at trimble.com
Wed Jan 21 08:40:07 UTC 2015


Hi there

I'm running squid-3.4.10 on CentOS-6 and just got hit with ssl-bump
blocking/warning access to a website, and I can't figure out why.

It's https://myaccount.snap.net.nz/. Signed by a couple of layers of
intermediary certs, but seems fine (works direct with FF/Chrome/MSIE).
curl on the squid server has no trouble accessing it (using default
/etc/pki/tls/certs/ca-bundle.crt), but ssl_crtd creates a fake cert for
it as follows.

Any ideas what's up?

Thanks!


Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NZ, ST=...., CN=Not trusted by "Squid CA"
        Validity
            Not Before: Sep 22 08:36:12 2014 GMT
            Not After : Nov 22 22:46:24 2017 GMT
        Subject: serialNumber=TDtNUZuQo4Ts9hs8qd1ksekvefvr7hdo, OU=GT11048499, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain Control Validated - RapidSSL(R), CN=*.snap.net.nz
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)


-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


