[squid-users] squid self signed cert error on some websites

robert k Wild robertkwild at gmail.com
Wed May 19 14:41:18 UTC 2021


OK, I found out what the error is.

It's because in my squid.conf, I have a whitelist file

#HTTP_HTTPS whitelist websites
acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"
http_access allow activation whitelist
http_access deny all

Once I added the URL to that file, it worked.

But surely, instead of giving me an error saying

secure connection failed
Error code: SEC_ERROR_BAD_SIGNATURE

it should be the default error, i.e.

The following error was encountered while trying to retrieve the URL:
https://blah.blah

    Access Denied.

How can I change this, please?

thanks,
rob

On Wed, 19 May 2021 at 13:54, robert k Wild <robertkwild at gmail.com> wrote:

> Hi all,
>
> I have squid 4.15
>
> I have imported my self-signed cert on Firefox and now I can access https
> websites (whereas before I got a "software is preventing this website from
> opening")
>
> but on some websites I get an error saying
>
> secure connection failed
> Error code: SEC_ERROR_BAD_SIGNATURE
>
> I attach my ssl bump conf in my squid.conf file
>
> #SSL Bump
> http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cipher=HIGH:MEDIUM:RC4:3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!PSK:!SRP:!DSS
> sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
>
> Is there anything wrong you can see? I have tried to make a new CA but the
> error still occurs
>
> thanks,
> rob
>
> --
> Regards,
>
> Robert K Wild.
>


-- 
Regards,

Robert K Wild.
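
The message above traces the failures to hosts missing from the whitelist file. As an added example (not part of the original post and not Squid's own code), this sketch pre-checks a list of hostnames against such a file to show which ones the whitelist acl would not match. It assumes ssl::server_name entries are matched like dstdomain (a leading dot also covers subdomains, otherwise the match is exact) and one entry per line; the file contents and hostnames are constructed.

```python
# Added example: constructed sample data, not taken from the poster's system.
WHITELIST_TEXT = """\
# constructed sample of a whitelist file
.example.com
updates.example.org
https://portal.example.net/login
"""


def load_entries(text):
    """Split the file into usable domain entries and lines that look like URLs.

    A server name never contains a scheme or a path, so an entry written
    as a full URL cannot match and is reported separately.
    """
    entries, suspicious = [], []
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if "/" in line or ":" in line:
            suspicious.append(line)
        else:
            entries.append(line)
    return entries, suspicious


def matches(host, entry):
    """Assumed dstdomain-style match: '.example.com' covers the domain and its subdomains."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry


def denied_hosts(hosts, entries):
    """Return the hosts that no whitelist entry matches."""
    return [h for h in hosts if not any(matches(h, e) for e in entries)]


if __name__ == "__main__":
    entries, suspicious = load_entries(WHITELIST_TEXT)
    sample = ["www.example.com", "badexample.com", "cdn.updates.example.org"]
    print("entries that look like URLs:", suspicious)
    print("hosts not matched by the whitelist:", denied_hosts(sample, entries))
```

This only models the whitelist acl; the other acl on the same http_access line ("activation") must match as well for a request to be allowed.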