[squid-users] SSL bump not working w/some sites.
L. A. Walsh
squid-user at tlinx.org
Tue Nov 8 02:40:57 UTC 2016
Alex Rousskov wrote:
> On 11/07/2016 11:59 AM, L. A. Walsh wrote:
>> I have the SSL bump feature set up and so far have been happy with
>> it, but today, I got an error from a website,
>
> You got an error from Squid, not a website.
>
>
>> saying they detect my
>> ability to monitor my web traffic and refuse to allow it:
>
> Actually, the error says that Squid refuses to trust the web server.
---
Really. Interesting (so much for my ability to understand
error messages...)
>> The system returned:
>>
>> (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
>>
>> Self-signed SSL Certificate in chain: /C=US/O=Entrust, Inc./OU=See
>> www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized
>> use only/CN=Entrust Root Certification Authority - G2
>
> ... because your Squid/OpenSSL setup does not trust the above root
> certificate at the end of the server certificate chain.
---
Weird. I don't know who they are... it is on/for a US gov
website... Given all the hacks going on recently, not so sure
I should just accept it.
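
The verification outcome discussed in this thread can be reproduced offline with the `openssl` command line. The script below is an added example, not part of the original messages: it builds a constructed root CA ("Demo Root CA") and server certificate ("www.example.test"), then verifies the server certificate once with the root supplied only as an untrusted chain member (as a server would send it) and once with the root placed in the local trust store.

```shell
#!/bin/sh
# Added example: all names, keys and certificates here are constructed.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_chain() {
  # Self-signed root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$demo_dir/root.key" -out "$demo_dir/root.pem" 2>/dev/null
  # Server key and certificate request, signed by the root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$demo_dir/srv.key" -out "$demo_dir/srv.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/srv.csr" -days 1 \
    -CA "$demo_dir/root.pem" -CAkey "$demo_dir/root.key" -CAcreateserial \
    -out "$demo_dir/srv.pem" 2>/dev/null
}

verify_error() {
  # Prints 0 if the chain validates, otherwise the OpenSSL verify error number.
  out=$(openssl verify "$@" "$demo_dir/srv.pem" 2>&1 || true)
  case $out in
    *": OK"*) echo 0 ;;
    *) printf '%s\n' "$out" |
         sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
  esac
}

make_chain

# Root is present in the chain but not in the local trust store:
# OpenSSL reports error 19, X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN.
echo "root supplied by peer only: error $(verify_error -untrusted "$demo_dir/root.pem")"

# Same chain, root added to the trust store used for verification.
echo "root in local trust store:  error $(verify_error -CAfile "$demo_dir/root.pem")"
```

Error 19 means the chain was complete but ended in a self-signed certificate the verifier has no local copy of; a missing issuer would be reported as a different error.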