[squid-users] SSL bump not working w/some sites.

L. A. Walsh squid-user at tlinx.org
Tue Nov 8 02:40:57 UTC 2016

Alex Rousskov wrote:
> On 11/07/2016 11:59 AM, L. A. Walsh wrote:
>> I have the SSL bump feature setup and so far have been happy with
>> it, but today, I got an error from a website, 
> You got an error from Squid, not a website.
>> saying they detect my
>> ability to monitor my webtraffic and refuse to allow it:
> Actually, the error says that Squid refuses to trust the web server.
	Really.  Interesting (so much for my ability to understand
error messages...)

>> The system returned:
>>    (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
>>    Self-signed SSL Certificate in chain: /C=US/O=Entrust, Inc./OU=See
>> www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized
>> use only/CN=Entrust Root Certification Authority - G2
> ... because your Squid/OpenSSL setup does not trust the above root
> certificate at the end of the server certificate chain.
	Weird.  I don't know who they are... it is on/for a US gov
website...   Given all the hacks going on recently, not so sure
I should just accept it.

More information about the squid-users mailing list