<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>One out of two. Either the Squid does not see the OpenSSL/system
      root CAs bundle, or the proxy CA's public key is not installed in
      the clients. It's all.<br>
    </p>
    <br>
    <div class="moz-cite-prefix">19.07.2017 23:30, Walter H. пишет:<br>
    </div>
    <blockquote type="cite"
      cite="mid:596F973C.7040603@mathemainzel.info">
      <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
      Hello,<br>
      <br>
      this seems not to be the problem, as the error messages are in
      cache.log, which is not a browser problem ...<br>
      <br>
      the question: are the SSL bumped sites in intranet, which use a
      self signed CA cert itself, which squid doesn't know?<br>
      <br>
      On 19.07.2017 17:36, Yuri wrote:
      <blockquote
        cite="mid:e653374f-020d-c213-6a0f-12dda8ebce32@gmail.com"
        type="cite">
        <meta http-equiv="Context-Type" content="text/html; ">
        <p><a moz-do-not-send="true"
href="http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit">http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit</a></p>
        <p><a moz-do-not-send="true"
            href="http://i.imgur.com/A153C7A.png">http://i.imgur.com/A153C7A.png</a><br>
        </p>
        <br>
        <div>19.07.2017 21:34, Cherukuri, Naresh пишет:<br>
        </div>
        <blockquote type="cite"
          cite="mid:89638057A560FB458C01C197F81C7F5D13F32404@PACERS.amscan.corp">
          <div>
            <p><span>Hi All, </span></p>
            <p><span>   </span></p>
            <p>I installed Squid version 3.5.20 on RHEL 7 and generated
              self-signed CA certificates,  My users are complaining
              about certificate errors. When I looked at cache.log I see
              so many error messages like below. Below is my squid.conf
              file. Any ideas how to address below errors. </p>
            <span> </span><br>
          </div>
        </blockquote>
      </blockquote>
      <br>
      <blockquote
        cite="mid:e653374f-020d-c213-6a0f-12dda8ebce32@gmail.com"
        type="cite">
        <blockquote type="cite"
          cite="mid:89638057A560FB458C01C197F81C7F5D13F32404@PACERS.amscan.corp">
          <div>
            <p><span>Cache.log </span></p>
            <p><span>   </span></p>
            <p><span>2017/07/18 16:05:34 kid1| Error negotiating SSL
                connection on FD 689: error:14094416:SSL
                routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
                (1/0) </span></p>
            <p><span>2017/07/18 16:05:34 kid1| Error negotiating SSL
                connection on FD 1114: error:14094416:SSL
                routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
                (1/0) </span></p>
            <p><span>2017/07/18 16:05:37 kid1| Error negotiating SSL
                connection on FD 146: error:14094416:SSL
                routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
                (1/0) </span></p>
            <p><span>2017/07/18 16:05:41 kid1| Error negotiating SSL
                connection on FD 252: error:14094416:SSL
                routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
                (1/0) </span></p>
            <p><span>2017/07/18 16:05:41 kid1| Error negotiating SSL
                connection on FD 36: error:14094416:SSL
                routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
                (1/0) </span></p>
          </div>
        </blockquote>
      </blockquote>
      <br>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>