[squid-users] ssl-bump doesn't like valid web server
Jason Haar
Jason_Haar at trimble.com
Wed Jan 21 08:40:07 UTC 2015
Hi there
I'm running squid-3.4.10 on CentOS-6 and just got hit with ssl-bump
blocking/warning access to a website which I can't figure out why
It's https://myaccount.snap.net.nz/. Signed by a couple of layers of
intermediary certs, but seems fine (works direct with FF/Chrome/MSIE).
curl on the squid server has no trouble accessing it (using default
/etc/pki/tls/certs/ca-bundle.crt), but ssl_crtd creates a fake cert for
it as follows.
Any ideas what's up?
Thanks!
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NZ, ST=...., CN=Not trusted by "Squid CA"
Validity
Not Before: Sep 22 08:36:12 2014 GMT
Not After : Nov 22 22:46:24 2017 GMT
Subject: serialNumber=TDtNUZuQo4Ts9hs8qd1ksekvefvr7hdo,
OU=GT11048499, OU=See www.rapidssl.com/resources/cps (c)14, OU=Domain
Control Validated - RapidSSL(R), CN=*.snap.net.nz
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the squid-users
mailing list