[squid-users] Troubleshooting certificate issues
l.marcantonio at proxind.it
Wed Nov 11 11:56:32 UTC 2020
I'm using 4.13 with libressl 3.2.2 and SSL bumps. Most of the time
it works (e.g. google). Some other time it get me back a 'fake untrusted'
certificate (like CN=Not trusted by \"proxy.proxind.it\") and this of
course gives user issues.
In the logs I see lines like
2020-11-11 12:47:59.314124500 L 290 192.168.2.102 NONE/200 0 CONNECT www.selcdn.ru:443 - HIER_DIRECT/220.127.116.11 - /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL RSA CA 2018 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY at depth=2
which suggest something missing in the certificate store.
However testing with openssl verify the certificate from the server
(extracted with a browser *outside* the squid network) it verifies OK.
The certs.pem file is the same (I checked:P) so I don't get why it
should fail. In fact I ensured it with tls_outgoing_options cafile=/var/lib/openssl/certs.pem
Any ideas on how to solve/troubleshoot/workaround the problem?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: not available
More information about the squid-users