[squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?
yvoinov at gmail.com
Thu Sep 7 21:24:25 UTC 2017
miss end of message :)
Check all CA's chain. It is possible your root CA's bundle not complete.
I usually use root CA's from Mozilla (added to squid.conf as one file)
and own self-supported intermediate CA's list (file).
But in addition I'm using Squid 5.x with working cert's downloader ;)
08.09.2017 3:14, L A Walsh пишет:
> Got an error message from squid where I'm doing https-bumping:
> The following error was encountered while trying to retrieve the URL:
> *Failed to establish a secure connection to 18.104.22.168*
> The system returned:
> (71) Protocol error (TLS code:
> SSL Certficate error: certificate issuer (CA) not known:
> /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec
> Class 3 Secure Server CA - G4
> This proxy and the remote host failed to negotiate a mutually
> acceptable security settings for handling your request. It is possible
> that the remote host does not support secure connections, or the proxy
> is not satisfied with the host security credentials.
> Googling found:
> Used openssl.com to get the intermediate certs (2 hosts are referenced
> in parallel chains). The two certs looked like:
> -----BEGIN CERTIFICATE-----
> -----END CERTIFICATE-----
> Added the certs to a file and that filename to my squid.conf on a line:
> sslproxy_foreign_intermediate_certs /etc/squid/ssl_intermediates/cert.pem
> restarted squid, but am still getting same error.
> Am I missing some obvious step?
> Looking for a clue... ;-)
> squid-users mailing list
> squid-users at lists.squid-cache.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: OpenPGP digital signature
More information about the squid-users