[squid-users] How are others handling missing intermediate certificates?

Tom Harris thom.j.harris at gmail.com
Mon Apr 27 21:08:44 UTC 2015


In SSL bump mode, I find I am hitting sites with incomplete certificate
chains fairly often.   When accessed directly, browsers will work it out -
I guess by downloading the missing CA certs.

I know I can load the intermediate CA certs in my system DB as I encounter
the issues.   But, I'm wondering if others have more proactive solutions.
Is there a list of commonly encountered certs, maybe just a subset like the
top tier CAs?    Or, is this being addressed in code making squid behave
like browsers do?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150427/acf06fd3/attachment.html>


More information about the squid-users mailing list