[squid-users] squid sslbump and certificates

Vieri rentorbuy at yahoo.com
Mon May 29 22:11:44 UTC 2017

From: Rafael Akchurin <rafael.akchurin at diladele.com>
> This article tries to explain why it happens.
> https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html#ssl-certificate-test-tool-in-web-safety-5

> To fix it - better use what Yuri recommended in http://squid-web-proxy-cache.1019090.n4.nabble.com/Howto-fix-X509-V-ERR-UNABLE-
> TO-GET-ISSUER-CERT-LOCALLY-Squid-error-td4682015.html

Thanks Raf. That really helped.

I successfully installed the intermediate certificate as a trusted CA system-wide with openssl (used 'update-ca-certificates').

However, I tried using the Squid config directive for intermediate certs instead, but failed.

This is what I did:

# wget http://somewhere/intermediate.crt -O intermediate.der
# openssl x509 -inform der -in intermediate.der -out intermediate.crt
# cat intermediate.crt >> /usr/local/share/proxy-settings/allowed.certs
In squid.conf:
sslproxy_foreign_intermediate_certs "/usr/local/share/proxy-settings/allowed.certs"
Restarted Squid but still had the same error page.

I guess I can stick to the system-wide openssl solution for now.

Thanks again,


More information about the squid-users mailing list