[squid-users] squid 4.5, can't download certificate?
Dmitry Melekhov
dm at belkam.com
Fri Jan 18 11:35:40 UTC 2019
17.01.2019 21:02, Alex Rousskov пишет:
> On 1/16/19 10:30 PM, Dmitry Melekhov wrote:
>
>> 2019/01/17 09:18:21 kid1| ERROR: negotiating TLS on FD 55: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
>
>> In access log:
>> 1547702300.945 0 192.168.22.229 NONE/503 329 GET https://lkk-udm.esplus.ru/Services/Auth.asmx/Safe? dm HIER_NONE/- text/html
>> 1547702301.304 84 - TCP_MISS/404 162 GET http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt-/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff-GETmyip=-myport=0 - HIER_DIRECT/91.199.212.52 text/html
> Your Squid (or some helper) appears to be adding an
> "-/ffff...GETmyip=-myport=0" suffix to the crt.sectigo.com URL,
> resulting in a 404 response from that server. That suffix is not present
> in the lkk-udm.esplus.ru certificate AFAICT:
Yes, I suspected this, there is no helper which can add this, as far as
I know, I'm out of office till Monday, I'll turn everything possible off
on Monday, and retest,
but I don't th think is is helper...
Could you tell me - can squid add this and , if yes, how can I turn
this off?
Thank you!
>> $ openssl x509 -in cert.pem -noout -text | fgrep http:
>> URI:http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl
>> CA Issuers - URI:http://crt.comodoca.com/COMODORSADomainValidationSecureServerCA.crt
>> OCSP - URI:http://ocsp.comodoca.com
More information about the squid-users
mailing list