[squid-users] Using subordinate CA for SSL Bump
Walter H.
Walter.H at mathemainzel.info
Fri Dec 18 04:48:03 UTC 2015
On 17.12.2015 18:01, Alex Rousskov wrote:
> On 12/17/2015 03:12 AM, Yuri Voinov wrote:
>> This looks like. Root CA doesn't send. Subordinate CA uses as signer for
>> mimicked. All and any clients got security alert.
>
> There may still be some terminology misunderstanding here because not
> sending the root certificate is the right thing to do
as a correct configured web server does;
this sends only its SSL certificate with the issuing intermediate plus
any other intermediate certificate,
but no root certificate ...
so in this case there is just the intermediate certificate the one squid
uses for SSL bump;
the root certificate is installed on the clients and both the mimicked
and the intermediate are sent by squid,
and all is fine;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151218/37a4726f/attachment.bin>
More information about the squid-users
mailing list