<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div class="BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="PlainText">Unfortunately, i've just compiled/ and built deb packages a fresh new squid 4.11
<br>
</div>
<div class="PlainText">Now SSL support should be fully operational, but the certificate i still not showing the intermediate.</div>
<div class="PlainText"><br>
</div>
<div class="PlainText">I just tried https_port 8443 tls-cert=/etc/squid/wildcard.mycompany.com.pem
<br>
</div>
<div class="PlainText">where in the pem file i have in this precise order:</div>
<div class="PlainText"><br>
</div>
</span></font>
<ul>
<li><font size="2">cert key</font></li><li><font size="2">server cert</font></li><li><font size="2">intermediate cert<br>
</font></li></ul>
<font size="2"><span style="font-size:11pt">
<div class="PlainText"><br>
</div>
<div class="PlainText">openssl client shows only the cert issuer, as it should show both.</div>
<div class="PlainText">Did I missed something ?<br>
</div>
<div class="PlainText"><br>
</div>
<div class="PlainText">On 26/05/20 7:24 pm, Julien TEHERY wrote:<br>
> To make it work all the time i had to add my intermediate certificate<br>
> (thawte) in the local store, so that means intermediate certificate has<br>
> not been delivered by the squid server as it should.<br>
<br>
The experimental GnuTLS support in Debian package does not yet support<br>
certificate chains. That is still some ways off.<br>
<br>
For now if there is a chain with intermediate certificates you still<br>
need to use an OpenSSL build of Squid.<br>
<br>
Amos</div>
<div class="PlainText">_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div>
</span></font></div>
</body>
</html>