[squid-users] Squid Version 3.5.20 Any Ideas

Yuri yvoinov at gmail.com
Wed Jul 19 18:15:00 UTC 2017


This simple seems op does not installed proxy CA's public in clients. No
more.

And errors in cache.log (as well as client complaints) are unambiguously
shown.

All other ideas are your nonsense.


19.07.2017 23:30, Walter H. пишет:
> Hello,
>
> this seems not to be the problem, as the error messages are in
> cache.log, which is not a browser problem ...
>
> the question: are the SSL bumped sites in intranet, which use a self
> signed CA cert itself, which squid doesn't know?
>
> On 19.07.2017 17:36, Yuri wrote:
>>
>> http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>>
>> http://i.imgur.com/A153C7A.png
>>
>>
>> 19.07.2017 21:34, Cherukuri, Naresh пишет:
>>>
>>> Hi All,
>>>
>>>  
>>>
>>> I installed Squid version 3.5.20 on RHEL 7 and generated self-signed
>>> CA certificates,  My users are complaining about certificate errors.
>>> When I looked at cache.log I see so many error messages like below.
>>> Below is my squid.conf file. Any ideas how to address below errors.
>>>
>>>
>
>>> Cache.log
>>>
>>>  
>>>
>>> 2017/07/18 16:05:34 kid1| Error negotiating SSL connection on FD
>>> 689: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:34 kid1| Error negotiating SSL connection on FD
>>> 1114: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:37 kid1| Error negotiating SSL connection on FD
>>> 146: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:41 kid1| Error negotiating SSL connection on FD
>>> 252: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>>> certificate unknown (1/0)
>>>
>>> 2017/07/18 16:05:41 kid1| Error negotiating SSL connection on FD 36:
>>> error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
>>> unknown (1/0)
>>>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170720/e2ac2633/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170720/e2ac2633/attachment-0001.sig>


More information about the squid-users mailing list