[squid-users] Squid Version 3.5.20 Any Ideas

Yuri yvoinov at gmail.com
Wed Jul 19 21:06:22 UTC 2017


Related OpenSSL public CA bundle - in theory it should be installed
together with OpenSSL.


20.07.2017 2:49, Cherukuri, Naresh пишет:
>
> Thanks Yuri for quick turnover!
>
>  
>
> We inly installed root certificate on all clients. We didn’t install
> proxy CA’s public key on clients. So you suggestion fix that we need
> to install both certificate and proxy ca’s public key on clients.
>
>  
>
> Thanks,
>
> Naresh
>
>  
>
> *From:*squid-users [mailto:squid-users-bounces at lists.squid-cache.org]
> *On Behalf Of *Yuri
> *Sent:* Wednesday, July 19, 2017 2:25 PM
> *To:* squid-users at lists.squid-cache.org
> *Subject:* Re: [squid-users] Squid Version 3.5.20 Any Ideas
>
>  
>
> One out of two. Either the Squid does not see the OpenSSL/system root
> CAs bundle, or the proxy CA's public key is not installed in the
> clients. It's all.
>
>  
>
> 19.07.2017 23:30, Walter H. пишет:
>
>     Hello,
>
>     this seems not to be the problem, as the error messages are in
>     cache.log, which is not a browser problem ...
>
>     the question: are the SSL bumped sites in intranet, which use a
>     self signed CA cert itself, which squid doesn't know?
>
>     On 19.07.2017 17:36, Yuri wrote:
>
>     http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
>
>     http://i.imgur.com/A153C7A.png
>
>      
>
>     19.07.2017 21:34, Cherukuri, Naresh пишет:
>
>         Hi All,
>
>          
>
>         I installed Squid version 3.5.20 on RHEL 7 and generated
>         self-signed CA certificates,  My users are complaining about
>         certificate errors. When I looked at cache.log I see so many
>         error messages like below. Below is my squid.conf file. Any
>         ideas how to address below errors.
>
>          
>
>
>
>         Cache.log
>
>          
>
>         2017/07/18 16:05:34 kid1| Error negotiating SSL connection on
>         FD 689: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
>         alert certificate unknown (1/0)
>
>         2017/07/18 16:05:34 kid1| Error negotiating SSL connection on
>         FD 1114: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
>         alert certificate unknown (1/0)
>
>         2017/07/18 16:05:37 kid1| Error negotiating SSL connection on
>         FD 146: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
>         alert certificate unknown (1/0)
>
>         2017/07/18 16:05:41 kid1| Error negotiating SSL connection on
>         FD 252: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3
>         alert certificate unknown (1/0)
>
>         2017/07/18 16:05:41 kid1| Error negotiating SSL connection on
>         FD 36: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert
>         certificate unknown (1/0)
>
>
>
>
>
>     _______________________________________________
>
>     squid-users mailing list
>
>     squid-users at lists.squid-cache.org
>     <mailto:squid-users at lists.squid-cache.org>
>
>     http://lists.squid-cache.org/listinfo/squid-users
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170720/826a31ac/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170720/826a31ac/attachment-0001.sig>


More information about the squid-users mailing list