[squid-users] Certificate Authority with SSLBump

Yuri yvoinov at gmail.com
Thu Feb 8 17:36:05 UTC 2018


1. Using the Mozilla CA bundle instead of the system one (if it exists) for Squid.

2. Update the Mozilla CA bundle with a script run by cron on a regular basis.

3. Have your own manually maintained custom add_certs.pem list, which is combined
with step 2 during updates.

That's all, folks.


08.02.2018 23:33, FredB wrote:
> Hi All,
>
> In practice, how do you maintain the CA files? I'm testing SSLBump with Debian Jessie; the package ca-certificates provides many certificates, but fewer than the latest Firefox browser.
> How do you manage to keep all that in check? When a CA is missing, do you add the PEM to your system config or exclude the website from SSLBump?
>
> EG: From my test https://wiki.squid-cache.org seems unknown (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>
> Thanks
>
> Regards
> Fred

-- 
*****************************
* C++20 : Bug to the future *
*****************************
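
The merge described in steps 2 and 3 above, as an added example that is not part of the original post or of Squid. The function names, the minimum-count threshold and all paths are assumptions; fetching the Mozilla bundle is left to the calling cron job.

```shell
#!/bin/sh
# Added example: merge a fetched Mozilla CA bundle with a local add_certs.pem.
# File locations and the minimum-count threshold are assumptions.

# count_certs FILE: print the number of complete PEM certificate blocks.
# Fails if BEGIN/END markers are unbalanced (e.g. a truncated download).
count_certs() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { if (inblk) bad = 1; inblk = 1; next }
        /^-----END CERTIFICATE-----/   { if (!inblk) bad = 1; inblk = 0; n++; next }
        END { if (inblk || bad) exit 1; print n + 0 }
    ' "$1"
}

# merge_ca_bundle MOZILLA_PEM ADD_CERTS_PEM OUT_PEM [MIN_CERTS]
# Prints the number of certificates written; leaves OUT_PEM untouched on error.
merge_ca_bundle() {
    mozilla=$1; custom=$2; out=$3; min=${4:-100}
    n_moz=$(count_certs "$mozilla") || { echo "malformed: $mozilla" >&2; return 1; }
    # A short or empty download must never replace a working bundle.
    if [ "$n_moz" -lt "$min" ]; then
        echo "only $n_moz certificates in $mozilla, refusing" >&2; return 1
    fi
    n_add=0
    if [ -s "$custom" ]; then
        n_add=$(count_certs "$custom") || { echo "malformed: $custom" >&2; return 1; }
    fi
    # Build in the target directory so the final mv is an atomic rename.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    cat "$mozilla" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "$n_add" -gt 0 ]; then
        { echo; cat "$custom"; } >> "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    # Re-count the merged file before it goes live.
    if [ "$(count_certs "$tmp")" != "$((n_moz + n_add))" ]; then
        rm -f "$tmp"; echo "merged bundle failed re-check" >&2; return 1
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$out" || { rm -f "$tmp"; return 1; }
    echo "$((n_moz + n_add))"
}

# Cron usage (paths are placeholders): fetch the bundle first, then
#   merge_ca_bundle /tmp/mozilla.pem /etc/squid/add_certs.pem /etc/squid/ca-bundle.pem
if [ "$#" -ge 3 ]; then merge_ca_bundle "$@"; fi
```

Squid only picks up the new file after a reload, so the cron job should follow a successful merge with `squid -k reconfigure`.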

