[squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?
Yuri
yvoinov at gmail.com
Thu Sep 7 21:52:40 UTC 2017
08.09.2017 3:49, Yuri пишет:
>
> 08.09.2017 3:46, L A Walsh пишет:
>> Yuri wrote:
>>> Ooooops,
>>>
>>> miss end of message :)
>>>
>> ---
>> I did search first! ;^)
>>
>>
>>
>>> Check all CA's chain. It is possible your root CA's bundle not complete.
>>>
>> ---
>> Likely problem...
>>
>>
>>> I usually use root CA's from Mozilla (added to squid.conf as one file)
>>> and own self-supported intermediate CA's list (file).
>>>
>> ----
>> How often do they update? I.e. should I set up a cron job to download
>> and concatenate the CA's? Is there a preferred D/L URL?
> I added to cron once per month update. Script (specific to my setups) to
> update and reconfigure squid.
> I use this URL:
> https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
>
>>
>>
>>
>>
>>> But in addition I'm using Squid 5.x with working cert's downloader ;)
>>>
>> ----
>> :^/ --- hmmm.... and I'm not even running 4.x... *ouch*...
3.5.26 (last known) works with relatively complete intermediates and
with some manually added root CA's.
>>
>> Is that going to be backported to 3.x? Isn't 4.x the beta/devel version,
>> or is it 4.x=beta and 5.x=devel?
AFAIK it's not planning to backport it to 3.x, can't say about current
4.x. A bit long time migrated to development 5.x. Due to required features.
>>
>>
>> Tnx!
>> -l
>>
>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170908/95f4e1bb/attachment.sig>
More information about the squid-users
mailing list