[squid-users] (no subject)
Amos Jeffries
squid3 at treenet.co.nz
Wed Dec 13 02:53:55 UTC 2017
On 13/12/17 14:11, 赵 俊 wrote:
> Hi,
>
> When I access SVN ,I want to bump SVN connection.
>
>
> Error like this:
>
>
> The following error was encountered while trying to retrieve the URL:
> https://WIN-BEOUENL2N6U/*
>
> *Failed to establish a secure connection to 192.168.52.6*
>
> The system returned:
>
> (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
>
> SSL Certficate error: certificate issuer (CA) not known:
> /CN=WIN-BEOUENL2N6U
>
> This proxy and the remote host failed to negotiate a mutually acceptable
> security settings for handling your request. It is possible that the
> remote host does not support secure connections, or the proxy is not
> satisfied with the host security credentials.
>
>
> My squid.conf :
>
> acl ssl_step1 at_step SslBump1
> acl ssl_step2 at_step SslBump2
> acl ssl_step3 at_step SslBump3
>
> ssl_bump stare ssl_step1
> ssl_bump bump ssl_step2
> ssl_bump terminate ssl_step3
>
> May i solve this problem,if I go to the official certification
> organization certificating myCA ?
>
Not really. There are two problems;
The first problem is that you are using host names instead of domain name.
<https://superuser.com/questions/59093/difference-between-host-name-and-domain-name/59094>
The second problem is that you are bumping at SSL-Bump step #2 before
any of the real server details are available to Squid.
Amos
More information about the squid-users
mailing list