[squid-users] TLS: 1st time w/intermediate cert: not working; ideas on what I'm doing wrong?

L A Walsh squid-user at tlinx.org
Thu Sep 7 21:14:40 UTC 2017


Got an error message from squid where I'm doing https-bumping:

--------------------------
The following error was encountered while trying to retrieve the URL: 
https://help.ea.com/

    *Failed to establish a secure connection to 52.0.220.87*

The system returned:

    (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)

    SSL Certficate error: certificate issuer (CA) not known:
    /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec
    Class 3 Secure Server CA - G4

This proxy and the remote host failed to negotiate a mutually acceptable 
security settings for handling your request. It is possible that the 
remote host does not support secure connections, or the proxy is not 
satisfied with the host security credentials.

--------------------------------

Googling found:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Howto-fix-X509-V-ERR-UNABLE-TO-GET-ISSUER-CERT-LOCALLY-Squid-error-td4682015.html

Used openssl.com to get the intermediate certs (2 hosts are referenced
in parallel chains).  The two certs looked like:

-----BEGIN CERTIFICATE-----
...hexstuff==
-----END CERTIFICATE-----


Added the certs to a file and that filename to my squid.conf on a line:

sslproxy_foreign_intermediate_certs /etc/squid/ssl_intermediates/cert.pem

restarted squid, but am still getting same error.

Am I missing some obvious step?

Looking for a clue... ;-)

Thanks!
-l








More information about the squid-users mailing list