[squid-users] SSLBUMP certificate verify failed

Yuri Voinov yvoinov at gmail.com
Sun Jan 17 21:14:54 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
This is most probably client certificate error. IM or something. You can
ignore it if users not compliances.

18.01.16 3:13, Roman Gelfand пишет:
> I am not sure where I am going wrong here...
>
>
> ssl bump certificate
> openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout
> squidCA.pem  -out squidCA.pem
>
> The der certificate was generated and deployed on client computer trusted
> root
> openssl x509 -in squidCA.pem -outform DER -out squidCA.der
>
>
> squid.conf
> http_port 3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/usr/local/ssl_cert/squidCA.pem
>
>
> On Sun, Jan 17, 2016 at 1:58 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>
>>
> No.
>
> 18.01.16 0:56, Roman Gelfand пишет:
> >>> I am getting an error, below, in a cache.log.  How can I identify the
> >>> request associated with this error?  It doesn't appear to be an issue
> with
> >>> client-to-proxy.  It seems like a problem with proxy-to-remote_server.
> >>>
> >>> Error negotiating SSL on FD 43: error:14090086:SSL
> >>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> squid-users mailing list
> >>> squid-users at lists.squid-cache.org
> >>> http://lists.squid-cache.org/listinfo/squid-users
>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJWnAROAAoJENNXIZxhPexGiYoIAKGr+aaDXmQpEK7bm295Sod+
q53gTVZgEe5BqX24pG2GYTjbh9sVNNQmBsOo3Vit3/iDd4lfr+mWYVVFgx7amFCo
i7ij6oUHeDYeviumldb3lWGQ9H8hEGfGNT4AF41OFg9R/bnj89sJSU80i+rQDiVz
FGZQCFMKAgPZm/EqJABh2/KgdAuJi386klqxq+42LAF94ANDzykcyqaozkYp4cMy
voguB4ZcyCMwHxlvXf9nWqbDc5p82JsYc+Ye25Pka5bO3UrGXK6lzqWjwXeVDamT
UIO0FLxk4PrCom+wdldFbUtqJUf02cexthYyBdIYSLQgKkmvjJaWfM8y10zqs8s=
=Dtmn
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160118/70a6dca9/attachment-0001.html>


More information about the squid-users mailing list