<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Yes, that's what I did. As I explained before, I provided Squid with a PEM file containing:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<ul>
<li>server key</li><li>server cert</li><li>intermediate cert</li></ul>
<div>with in squid.conf:</div>
<div><br>
</div>
<div>https_port 8443 tls-cert=path/to/my/wildcard.pem</div>
<div><br>
</div>
<div>I did not try to add the root cert as I'm aware it's not necessary.</div>
<div><br>
</div>
<div>I've spent so many hours on something that should work quickly..<br>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> squid-users &lt;squid-users-bounces@lists.squid-cache.org&gt; on behalf of Matus UHLAR - fantomas &lt;uhlar@fantomas.sk&gt;<br>
<b>Sent:</b> Thursday, 28 May 2020 10:12<br>
<b>To:</b> squid-users@lists.squid-cache.org &lt;squid-users@lists.squid-cache.org&gt;<br>
<b>Subject:</b> Re: [squid-users] HTTPS_PORT AND SSL CERT</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">On 28.05.20 06:32, Julien TEHERY wrote:<br>
>I retried everything possible in terms of order in the pem file. From my<br>
>workstation, if I do "openssl s_client -showcerts -connect<br>
>mysquid.mycompany.com:8443" I only get one certificate/issuer, but with the same<br>
>command on the same server but a different port (apache listening on 443), I<br>
>correctly get 2 certificates/issuers:<br>
><br>
>To be precise, my https configuration isn't for ssl_bump purposes but only to provide secure access to the http proxy through the WAN with a valid certificate.<br>
>Do some of you use complete certificates (including intermediate) with squid? If yes, please tell me how you made it work.<br>
>I do have the latest stable squid version built with openssl support.<br>
<br>
you apparently need to provide a concatenated list of your squid certificate and<br>
the intermediate certificate that signed your squid certificate.<br>
<br>
You don't need to provide the root certificate that signed the intermediate<br>
certificate, since browsers do have that certificate installed<br>
(otherwise they wouldn't trust the certificate at all).<br>
<br>
<br>
-- <br>
Matus UHLAR - fantomas, uhlar@fantomas.sk ; <a href="http://www.fantomas.sk/">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
- Have you got anything without Spam in it?<br>
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.<br>
</div>
</span></font></div>
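<div>Added example, not part of the original thread and not Squid's own code: a dependency-free Python check of the bundle layout discussed above (one private key, the server certificate, then the intermediate that issued it). <code>fake_cert</code> and <code>SAMPLE</code> are constructed stand-ins so the check runs offline, and issuer/subject names are compared byte-wise, which is a simplification.</div>

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, content_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) of one certificate as raw DER Name bytes."""
    pos = read_tlv(der, read_tlv(der, 0)[1])[1]  # into Certificate, then tbsCertificate
    if der[pos] == 0xA0:                         # skip the optional [0] version field
        pos = read_tlv(der, pos)[2]
    fields = []
    for _ in range(5):                           # serial, sigAlg, issuer, validity, subject
        end = read_tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[4], fields[2]

def check_bundle(pem_text):
    """List problems in a key + server cert + intermediate PEM bundle."""
    blocks = PEM_RE.findall(pem_text)
    certs = [names(base64.b64decode(b)) for label, b in blocks if label == "CERTIFICATE"]
    problems = []
    if sum(label.endswith("PRIVATE KEY") for label, _ in blocks) != 1:
        problems.append("expected exactly one private key")
    if len(certs) < 2:
        problems.append("no intermediate certificate after the server certificate")
    for i in range(len(certs) - 1):  # byte-wise Name comparison, a simplification
        if certs[i][1] != certs[i + 1][0]:
            problems.append(f"certificate {i + 1} was not issued by certificate {i + 2}")
    return problems

def der_short(tag, content):  # constructed-sample helper: short-form DER, content under 128 bytes
    return bytes([tag, len(content)]) + content

def fake_cert(subject, issuer):  # constructed, unsigned skeleton: only the Name fields matter
    name = lambda cn: der_short(0x30, der_short(0x0C, cn.encode()))
    tbs = der_short(0x30, der_short(0xA0, b"\x02\x01\x02") + der_short(0x02, b"\x01")
                    + der_short(0x30, b"") + name(issuer) + der_short(0x30, b"") + name(subject))
    body = base64.encodebytes(der_short(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

SAMPLE = ("-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"  # constructed placeholder
          + fake_cert("*.example.test", "Example CA") + fake_cert("Example CA", "Example Root"))
```

<div>Calling <code>check_bundle(open(path).read())</code> on a real bundle returns an empty list when each certificate in the file is followed by the one that issued it; a non-empty list names what is missing or misordered.</div>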
</body>
</html>