[squid-users] ssl bump intermediate certificate

Marek Greško mgresko8 at gmail.com
Wed Oct 30 20:49:54 UTC 2019


Matus, I also found the document. It should be sending the chain, but
is not. When I specify cafile option it responds I shoud use
tls-cafile. But in either case it is not sending.

Walter, if squid has such requirement, then it is unfinished. Every
other proxy is able to run its CA as an intermediate and clients
install only root CA. The proxy should be responsible to hold the
chain. The url Matus sent is the correct way how to do it, but is is
not working. At least not in 4.8 vesion.


2019-10-30 10:42 GMT+01:00, Matus UHLAR - fantomas <uhlar at fantomas.sk>:
>>On 30.10.2019 05:59, Marek Greško wrote:
>>>I am trying to configure ssl bumping on squid 4.8 but my browser is
>>>not able to validate the certificate due to intermediate certificate
>>>missing. How could I convince squid to send it?
> On 30.10.19 10:11, Walter H. wrote:
>>the ssl-bum certificate is either a root certificate itself which must
>>be installed on the clients or an intermediate, where
>>the root and all intermediates between must be installed on the clients
> do you mean that squid won't send intermediate certificate?
> this should be:
> https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpWithIntermediateCA
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Honk if you love peace and quiet.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list