<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Related OpenSSL public CA bundle - in theory it should be
installed together with OpenSSL.<br>
</p>
<br>
<div class="moz-cite-prefix">20.07.2017 2:49, Cherukuri, Naresh
пишет:<br>
</div>
<blockquote type="cite"
cite="mid:89638057A560FB458C01C197F81C7F5D13F32BF9@PACERS.amscan.corp">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks
Yuri for quick turnover!<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">We
inly installed root certificate on all clients. We didn’t
install proxy CA’s public key on clients. So you suggestion
fix that we need to install both certificate and proxy ca’s
public key on clients.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Naresh<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">
squid-users
[<a class="moz-txt-link-freetext" href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>]
<b>On Behalf Of </b>Yuri<br>
<b>Sent:</b> Wednesday, July 19, 2017 2:25 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> Re: [squid-users] Squid Version 3.5.20
Any Ideas<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p>One out of two. Either the Squid does not see the
OpenSSL/system root CAs bundle, or the proxy CA's public key
is not installed in the clients. It's all.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">19.07.2017 23:30, Walter H. пишет:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Hello,<br>
<br>
this seems not to be the problem, as the error messages are
in cache.log, which is not a browser problem ...<br>
<br>
the question: are the SSL bumped sites in intranet, which
use a self signed CA cert itself, which squid doesn't know?<br>
<br>
On 19.07.2017 17:36, Yuri wrote: <o:p></o:p></p>
<p><a
href="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit"
moz-do-not-send="true">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</a><o:p></o:p></p>
<p><a href="http://i.imgur.com/A153C7A.png"
moz-do-not-send="true">http://i.imgur.com/A153C7A.png</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">19.07.2017 21:34, Cherukuri, Naresh
пишет:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p>Hi All, <o:p></o:p></p>
<p> <o:p></o:p></p>
<p>I installed Squid version 3.5.20 on RHEL 7 and
generated self-signed CA certificates, My users are
complaining about certificate errors. When I looked at
cache.log I see so many error messages like below. Below
is my squid.conf file. Any ideas how to address below
errors. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p>Cache.log <o:p></o:p></p>
<p> <o:p></o:p></p>
<p>2017/07/18 16:05:34 kid1| Error negotiating SSL
connection on FD 689: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
<o:p></o:p></p>
<p>2017/07/18 16:05:34 kid1| Error negotiating SSL
connection on FD 1114: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
<o:p></o:p></p>
<p>2017/07/18 16:05:37 kid1| Error negotiating SSL
connection on FD 146: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
<o:p></o:p></p>
<p>2017/07/18 16:05:41 kid1| Error negotiating SSL
connection on FD 252: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
<o:p></o:p></p>
<p>2017/07/18 16:05:41 kid1| Error negotiating SSL
connection on FD 36: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
<o:p></o:p></p>
</div>
</blockquote>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>squid-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:squid-users@lists.squid-cache.org" moz-do-not-send="true">squid-users@lists.squid-cache.org</a><o:p></o:p></pre>
<pre><a href="http://lists.squid-cache.org/listinfo/squid-users" moz-do-not-send="true">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</blockquote>
<br>
</body>
</html>