[squid-users] SSL3_GET_SERVER_CERTIFICATE failed
G~D~Lunatic
747620227 at qq.com
Thu Dec 7 07:47:02 UTC 2017
my squid is a transparent proxy.
the cache.log shows that
2017/12/07 15:42:53 kid1| Error negotiating SSL connection on FD 175: Closed by client
2017/12/07 15:42:54 kid1| Error negotiating SSL on FD 95: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
2017/12/07 15:42:55 kid1| Error negotiating SSL connection on FD 124: Closed by client
2017/12/07 15:42:56 kid1| Error negotiating SSL on FD 52: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
what's the problem? thank you
Here is my configure
https_port 192.168.51.200:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem options=NO_SSLv3,NO_SSLv2
acl broken_sites ssl::server_name matchweb.sports.qq.com
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump splice broken_sites
#ssl_bump splice all
ssl_bump stare ssl_step1
ssl_bump bump ssl_step2
ssl_bump terminate ssl_step3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171207/a264590c/attachment.html>
More information about the squid-users
mailing list