[squid-users] squid 3.5.27 .https website show SEC_ERROR_UNKNOWN_ISSUER
Amos Jeffries
squid3 at treenet.co.nz
Mon Nov 20 14:49:11 UTC 2017
On 20/11/17 21:06, G~D~Lunatic wrote:
> with your help. i changed my configure. and now the https problem is
> that SEC_ERROR_UNKNOWN_ISSUER.
> i use squid 3.5.27 as a transparent proxy and a icap client .With the
> proxy , i access most of https websites like www.amazon.com
> http://www.hupu.com. but failedĀ . So i want to know where problem is
> or how to deal with it.
>
The config you presented has one major problem - you have configured
ssl-bump option on the https_port but do not have any ssl_bump
directives telling Squid what bumping actions are to be done.
What Squid does under that circumstance is bump the TLS using an invalid
server certificate and deliver an error page to the client in hopes that
either the invalid cert will throw up an error, or the error page might
be displayed.
Amos
More information about the squid-users
mailing list