[squid-users] AIA fetching in squid
Dieter Bloms
squid at bloms.de
Wed Feb 6 10:56:47 UTC 2019
Hello,
On Wed, Feb 06, Yann Girardin wrote:
> I am using ssl bump and it's work fine a lot of SSL sites, but some of
> those are misconfigured and squid won't succeed to get the correct
> certificate, and give me the following error :
> SEC_ERROR_UNKNOWN_ISSUER
>
> Looking on the internet I understand that this is a SSL server
> misconfiguration, but I know that some browser like safari, and chrome
> are implementing the AIA fetching to get the missing certificates
> using the information store in the authority information access of the
> certificate.
>
> Is there a way to activate this AIA fetching in squid or do i have to
> implement it myself using a helper with the sslcrtvalidator_program ?
I've added these few lines:
--snip--
acl fetch_intermediate_certificate transaction_initiator certificate-fetching
http_access allow fetch_intermediate_certificate
cache allow fetch_intermediate_certificate
cache deny all
--snip--
--
Regards
Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
More information about the squid-users
mailing list