[squid-users] squid sslbump and certificates
rentorbuy at yahoo.com
Mon May 29 22:11:44 UTC 2017
From: Rafael Akchurin <rafael.akchurin at diladele.com>
> This article tries to explain why it happens.
> To fix it - better use what Yuri recommended in http://squid-web-proxy-cache.1019090.n4.nabble.com/Howto-fix-X509-V-ERR-UNABLE-
Thanks Raf. That really helped.
I successfully installed the intermediate certificate as a trusted CA system-wide with openssl (used 'update-ca-certificates').
However, I tried using the Squid config directive for intermediate certs instead, but failed.
This is what I did:
# wget http://somewhere/intermediate.crt -O intermediate.der
# openssl x509 -inform der -in intermediate.der -out intermediate.crt
# cat intermediate.crt >> /usr/local/share/proxy-settings/allowed.certs
Restarted Squid but still had the same error page.
I guess I can stick to the system-wide openssl solution for now.
More information about the squid-users