[squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?
L A Walsh
squid-user at tlinx.org
Thu Sep 7 21:14:40 UTC 2017
Got an error message from squid where I'm doing https-bumping:
--------------------------
The following error was encountered while trying to retrieve the URL:
https://help.ea.com/
*Failed to establish a secure connection to 52.0.220.87*
The system returned:
(71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
SSL Certficate error: certificate issuer (CA) not known:
/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec
Class 3 Secure Server CA - G4
This proxy and the remote host failed to negotiate a mutually acceptable
security settings for handling your request. It is possible that the
remote host does not support secure connections, or the proxy is not
satisfied with the host security credentials.
--------------------------------
Googling found:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Howto-fix-X509-V-ERR-UNABLE-TO-GET-ISSUER-CERT-LOCALLY-Squid-error-td4682015.html
Used openssl.com to get the intermediate certs (2 hosts are referenced
in parallel chains). The two certs looked like:
-----BEGIN CERTIFICATE-----
...hexstuff==
-----END CERTIFICATE-----
Added the certs to a file and that filename to my squid.conf on a line:
sslproxy_foreign_intermediate_certs /etc/squid/ssl_intermediates/cert.pem
restarted squid, but am still getting same error.
Am I missing some obvious step?
Looking for a clue... ;-)
Thanks!
-l
More information about the squid-users
mailing list