[squid-users] Troubleshooting certificate issues
l.marcantonio at proxind.it
Wed Nov 11 14:30:12 UTC 2020
On Wed, Nov 11, 2020 at 03:13:19PM +0100, Dieter Bloms wrote:
> for me it looks like the server doesn't deliver the intermdeiate
> certificate and your squid proxy doesn't download this certificate
Well, squid couln't download even if wanted if it isn't supplied by the
server. AFAIK there is no field in the certificate to hold an url to
download the signer one. In fact in the past I had to put some
intermediates in the cert store (OK, not great, not recommended, but at
least it works).
That aside, if I save the certificate as a PEM from the browser (*only*
the certificate, not the whole chain) and I do an openssl verify on it
it validates, so in the store there are all the certs needed to verify
it. I even tried doing it as the squid user in case of permission
For some reason squid doesn't like *some* certificates. And I don't
think that so many sites anyway send incomplete chains.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: not available
More information about the squid-users