[squid-users] Squid Version 3.5.20 Any Ideas

Yuri yvoinov at gmail.com
Wed Jul 19 18:25:26 UTC 2017 

One out of two. Either the Squid does not see the OpenSSL/system root
CAs bundle, or the proxy CA's public key is not installed in the
clients. It's all.


19.07.2017 23:30, Walter H. пишет:
> Hello,
>
> this seems not to be the problem, as the error messages are in
> cache.log, which is not a browser problem ...
>
> the question: are the SSL bumped sites in intranet, which use a self
> signed CA cert itself, which squid doesn't know?
>
> On 19.07.2017 17:36, Yuri wrote:
>>
>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>
>> http://i.imgur.com/A153C7A.png
>>
>>
>> 19.07.2017 21:34, Cherukuri, Naresh пишет:
>>>
>>> Hi All,
>>>
>>>  
>>>
>>> I installed Squid version 3.5.20 on RHEL 7 and generated self-signed
>>> CA certificates,  My users are complaining about certificate errors.
>>> When I looked at cache.log I see so many error messages like below.
>>> Below is my squid.conf file. Any ideas how to address below errors.
>>>
>>>
>
>>> Cache.log
>>>
>>>  
>>>
>>> 2017/07/18 16:05:34 kid1| Error negotiating SSL connection on FD
>>> 689: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:34 kid1| Error negotiating SSL connection on FD
>>> 1114: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:37 kid1| Error negotiating SSL connection on FD
>>> 146: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:41 kid1| Error negotiating SSL connection on FD
>>> 252: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:41 kid1| Error negotiating SSL connection on FD 36:
>>> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
>>> unknown (1/0)
>>>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170720/be8be0fa/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170720/be8be0fa/attachment.sig>

More information about the squid-users mailing list