[squid-users] Squid works with ssl bump in intercept mode and root certificate in browser, but apps does not work

arun.xavier innovature.arun.xavier at gmail.com
Thu May 18 10:26:22 UTC 2017

I have configured squid with ssl-bump (intercept mode) and it works as
expected while accessing secure sites from browsers.

What I have done so far.

 - Configured squid.
 - created a root& intermediate certificate for dynamic cert generation in
     installed the same root certificate in mobile device(iphone 6 -iOS-10).
 - Every website works on chrome/safari.

But apps like facebook,twitter are not working(showing network error).

When checking cache log of squid, I found the below log.

/Error negotiating SSL connection on FD 12: error:14094418:SSL
routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
It looks like initial CONNECT/Handshake is not working.

what I have changed in squid.conf
acl localnet src
acl localnet src fe80::/10
acl allow localnet
ssl_bump bump all
always_direct allow all
http_port localhost:3128
http_port localhost:3129 intercept
https_port localhost:3130 intercept ssl-bump generate-host-certificates=on
strip_query_terms off

Any idea how to fix this? or where to check? What might be my mistake ?
I use squid to get logs of all internet traffic from mobile devices.
Overview of my intented system is like this:

View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-works-with-ssl-bump-in-intercept-mode-and-root-certificate-in-browser-but-apps-does-not-work-tp4682451.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list