[squid-users] AIA fetching in squid
Yann Girardin
ygirardin at olfeo.com
Wed Feb 6 09:10:21 UTC 2019
Hi all,
I am using ssl bump and it's work fine a lot of SSL sites, but some of those are misconfigured and squid won't succeed to get the correct certificate, and give me the following error :
SEC_ERROR_UNKNOWN_ISSUER
Looking on the internet I understand that this is a SSL server misconfiguration, but I know that some browser like safari, and chrome are implementing the AIA fetching to get the missing certificates using the information store in the authority information access of the certificate.
Is there a way to activate this AIA fetching in squid or do i have to implement it myself using a helper with the sslcrtvalidator_program ?
Thanks
[cid:image002.png at 01D4BE04.2B0E4890]
Yann Girardin
Product Owner
t : +33 (0)1 84 17 71 75
e : ygirardin at olfeo.com<mailto:ygirardin at olfeo.com>
w : www.olfeo.com<https://www.olfeo.com/>
4 rue de Ventadour, 75001 Paris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190206/1d3ea60c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 13389 bytes
Desc: image002.png
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190206/1d3ea60c/attachment.png>
More information about the squid-users
mailing list