[squid-users] squid 3.5.27 .https website show SEC_ERROR_UNKNOWN_ISSUER

G~D~Lunatic 747620227 at qq.com
Mon Nov 20 08:06:08 UTC 2017


With your help, I changed my configuration, and now the HTTPS problem is SEC_ERROR_UNKNOWN_ISSUER.
I use Squid 3.5.27 as a transparent proxy and an ICAP client. With the proxy, I access most HTTPS websites like www.amazon.com, but failed. So I want to know where the problem is or how to deal with it.

The web page shows a message like: "www.amazon.com used an invalid security certificate. The certificate is not trusted because of its self-signature. This certificate is invalid for the name www.amazon.com. Error code: SEC_ERROR_UNKNOWN_ISSUER"

Here is my configuration:

# Squid normally listens to port 3128
http_port 3120

http_port 3128 intercept

https_port 192.168.51.200:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem 

#acl ssl_step1 at_step SslBump1
#acl ssl_step2 at_step SslBump2
#acl ssl_step3 at_step SslBump3
#ssl_bump peek ssl_step1
#ssl_bump splice all

sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1


#icap
icap_enable on
icap_preview_enable on
icap_preview_size 1024
icap_send_client_ip on
adaptation_meta X-Client-Port "%>p"
icap_206_enable on
icap_persistent_connections off

icap_service service_req reqmod_precache 0 icap://192.168.51.200:1344/echo
icap_service service_res respmod_precache 1 icap://192.168.51.200:1344/echo
adaptation_access service_res allow all
adaptation_access service_req allow all