[squid-users] Squid won't download intermediate certificates

Andrea Venturoli ml at netfence.it
Thu Jan 30 07:50:34 UTC 2020


I'm experimenting SSLBump and I've got a problem: when a client visits a 
site which won't provide intermediate SSL certificates, the connection 
will fail.
I read Squid 4 should download such certificates itself, however this 
does not succeed.
I see in the logs something like:
> 1580334345.045      1 - TCP_DENIED/403 3634 GET http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt - HIER_NONE/- text/html;charset=utf-8

Seems like an ACL problem.
There is no source IP, but a - (dash): I guess this means the connection 
was originated from Squid itself.

Is there a specific keyword I need to use to allow such connections?
"localhost" doesn't seem to do the trink.

Any help appreciated.

  bye & Thanks

More information about the squid-users mailing list