[squid-users] SSLBUMP certificate verify failed

Roman Gelfand rgelfand2 at gmail.com
Sun Jan 17 21:13:11 UTC 2016 

I am not sure where I am going wrong here...


ssl bump certificate
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout
squidCA.pem  -out squidCA.pem

The der certificate was generated and deployed on client computer trusted
root
openssl x509 -in squidCA.pem -outform DER -out squidCA.der


squid.conf
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/ssl_cert/squidCA.pem


On Sun, Jan 17, 2016 at 1:58 PM, Yuri Voinov <yvoinov at gmail.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> No.
>
> 18.01.16 0:56, Roman Gelfand пишет:
> > I am getting an error, below, in a cache.log.  How can I identify the
> > request associated with this error?  It doesn't appear to be an issue
> with
> > client-to-proxy.  It seems like a problem with proxy-to-remote_server.
> >
> > Error negotiating SSL on FD 43: error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >
> >
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJWm+Q5AAoJENNXIZxhPexGCx4H/1GA/dIKAJ2QKZEBwClw7Ii2
> eVgV8HvEBQzzX1hXwWcJetnbEnQWyc6EHZ+hSi9z5Sh4Ybgy1LdtzocecXWWnSl8
> sZZth8aVqEdB/2yQCzq4t1Hs0myPhgJbI3yBAs3NUBsdZbJeNLi9PHgSxAKjMs4Q
> rEdPfi/EbCE7ihHlCsX+iGD7dly4wMmmBxzy3+VRnv7m0/OD0/S82G3edlpVFUpk
> 0OtzyvvyTcvIFLJZmXCCZleliS6lBXCQ+iiQ2A8JwrO2cleIbzoNStR6HYDZbI8l
> aVCy1ogJae2IM1WNx3sARJExXq3uYz9PkZO1qY1y1T9jUDYdhbIkPbrYu4MAc6I=
> =+ss3
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160117/1de075ec/attachment.html>

More information about the squid-users mailing list