[squid-users] Is there a way on client to show proxy's certificate?

GeorgeShen g2011828 at hotmail.com
Mon Dec 23 06:26:26 UTC 2019

>this is http port, speaking http.  This is not a https port, so you can't
>speak https to it.  The difference between 3128 and 3129 is, when you issue
>CONNECT request to 3129, squid tries to communicate using SSL as if it was
>the destination server (or, whatever you configure in ssl_bump options).

>if you want to talk to squid on port 443, you must configure https_port.

because I'm doing the explicit proxy for https on this proxy server. if I
"https_port 3129 ssl-bump ...", then I get this error when doing the https

2019/12/22 22:07:15| FATAL: ssl-bump on https_port requires tproxy/intercept
which is missing.

so this to me means, i can only configure https_port if I'm using the
intercept method, which I'm not.
Or is there a way to listern to the https_port with explicit proxy?

>>BTW, the https/TLS bump through this server works. when using the openssl
>>s_client, get this result,
>>(it says "no peer certificate available"):

>this looks to me more like failure of setting up SSL protocol.
>I really wonder something SSL related works  at all.
>you should check with:
>openssl s_client -proxy -connect <host:port> -showcerts
>on both squid ports to see the difference.

The above command works for me, but I only get the certs from the real host,
not the proxy server itself.


Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

More information about the squid-users mailing list