[squid-users] Squid won't download intermediate certificates

info at schroeffu.ch info at schroeffu.ch
Thu Jan 30 08:15:15 UTC 2020


Hi av,

I have had the same issue due to authenticating any user before passing the proxy. Squid couldn't fetch the intermediate certificates.
I added the following in squid.conf before the line "acl Authenticated_Users proxy_auth REQUIRED":

###
#Allow fetch intermediate certs before required authentication
acl fetched_certificate transaction_initiator certificate-fetching
cache allow fetched_certificate
http_access allow fetched_certificate
###

Hope this helps you too.

Lot regards
Schroeffu

PS: DKIM verification failed for sender ml at netfence.it

January 30, 2020 08:51, "Andrea Venturoli" <ml at netfence.it> wrote:

> Hello.
> 
> I'm experimenting with SSLBump and I've got a problem: when a client visits a
> site which won't provide intermediate SSL certificates, the connection
> will fail.
> I read Squid 4 should download such certificates itself, however this
> does not succeed.
> I see in the logs something like:
> 
>> 1580334345.045 1 - TCP_DENIED/403 3634 GET
>> http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt - HIER_NONE/-
>> text/html;charset=utf-8
> 
> Seems like an ACL problem.
> There is no source IP, but a - (dash): I guess this means the connection
> was originated from Squid itself.
> 
> Is there a specific keyword I need to use to allow such connections?
> "localhost" doesn't seem to do the trick.
> 
> Any help appreciated.
> 
> bye & Thanks
> av.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
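
Added example (not part of the original messages and not Squid project code): a small Python check that scans access.log text in Squid's native format for the symptom quoted above, a denied GET for a certificate file with `-` in the client-address field. The extension list and the reading of `-` as a Squid-initiated transaction are assumptions; the second and third sample lines are constructed.

```python
"""Spot intermediate-certificate fetches that Squid started and then denied."""
from urllib.parse import urlsplit

# Sample input in Squid's native access.log format. The first line is the one
# quoted in this thread; the other two are constructed for contrast.
SAMPLE_LOG = """\
1580334345.045      1 - TCP_DENIED/403 3634 GET http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt - HIER_NONE/- text/html;charset=utf-8
1580334350.100     12 192.0.2.10 TCP_DENIED/407 4012 GET http://example.test/ - HIER_NONE/- text/html
1580334360.200     85 - TCP_MISS/200 1532 GET http://ca.example.test/inter.crt - HIER_DIRECT/198.51.100.7 application/pkix-cert
"""

# Assumption: certificate download URLs usually end in one of these extensions.
CERT_EXTENSIONS = (".crt", ".cer", ".der", ".p7c")


def denied_cert_fetches(log_text):
    """Return (timestamp, http_status, url) for each denied, client-less cert GET."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # not a native-format access.log line
        timestamp, _elapsed, client, result, _size, method, url = fields[:7]
        code, _, status = result.partition("/")
        # Assumption: "-" as the client address marks a request with no client
        # connection behind it, i.e. one that Squid generated itself.
        if client != "-" or method != "GET" or "DENIED" not in code:
            continue
        if urlsplit(url).path.lower().endswith(CERT_EXTENSIONS):
            hits.append((timestamp, status, url))
    return hits


if __name__ == "__main__":
    for ts, status, url in denied_cert_fetches(SAMPLE_LOG):
        print(f"{ts}: certificate fetch denied with HTTP {status}: {url}")
```

Any hit means an http_access rule rejected the fetch before the `transaction_initiator certificate-fetching` allow rule could match, or that no such rule exists.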

