<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>One out of two. Either the Squid does not see the OpenSSL/system
root CAs bundle, or the proxy CA's public key is not installed in
the clients. It's all.<br>
</p>
<br>
<div class="moz-cite-prefix">19.07.2017 23:30, Walter H. пишет:<br>
</div>
<blockquote type="cite"
cite="mid:596F973C.7040603@mathemainzel.info">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
Hello,<br>
<br>
this seems not to be the problem, as the error messages are in
cache.log, which is not a browser problem ...<br>
<br>
the question: are the SSL bumped sites in intranet, which use a
self signed CA cert itself, which squid doesn't know?<br>
<br>
On 19.07.2017 17:36, Yuri wrote:
<blockquote
cite="mid:e653374f-020d-c213-6a0f-12dda8ebce32@gmail.com"
type="cite">
<meta http-equiv="Context-Type" content="text/html; ">
<p><a moz-do-not-send="true"
href="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</a></p>
<p><a moz-do-not-send="true"
href="http://i.imgur.com/A153C7A.png">http://i.imgur.com/A153C7A.png</a><br>
</p>
<br>
<div>19.07.2017 21:34, Cherukuri, Naresh пишет:<br>
</div>
<blockquote type="cite"
cite="mid:89638057A560FB458C01C197F81C7F5D13F32404@PACERS.amscan.corp">
<div>
<p><span>Hi All, </span></p>
<p><span> </span></p>
<p>I installed Squid version 3.5.20 on RHEL 7 and generated
self-signed CA certificates, My users are complaining
about certificate errors. When I looked at cache.log I see
so many error messages like below. Below is my squid.conf
file. Any ideas how to address below errors. </p>
<span> </span><br>
</div>
</blockquote>
</blockquote>
<br>
<blockquote
cite="mid:e653374f-020d-c213-6a0f-12dda8ebce32@gmail.com"
type="cite">
<blockquote type="cite"
cite="mid:89638057A560FB458C01C197F81C7F5D13F32404@PACERS.amscan.corp">
<div>
<p><span>Cache.log </span></p>
<p><span> </span></p>
<p><span>2017/07/18 16:05:34 kid1| Error negotiating SSL
connection on FD 689: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0) </span></p>
<p><span>2017/07/18 16:05:34 kid1| Error negotiating SSL
connection on FD 1114: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0) </span></p>
<p><span>2017/07/18 16:05:37 kid1| Error negotiating SSL
connection on FD 146: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0) </span></p>
<p><span>2017/07/18 16:05:41 kid1| Error negotiating SSL
connection on FD 252: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0) </span></p>
<p><span>2017/07/18 16:05:41 kid1| Error negotiating SSL
connection on FD 36: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0) </span></p>
</div>
</blockquote>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>