[squid-users] sslproxy_foreign_intermediate_certs -- where to locate a bundle
Amos Jeffries
squid3 at treenet.co.nz
Wed Jun 27 18:58:27 UTC 2018
On 28/06/18 03:49, Gordon Hsiao wrote:
> does it exist somewhere? Just notice this option in 3.5 but google does
> not say any location I can fetch like the way a typical ca-bundle is.
>
IIRC, Yuri published the bundle they had accumulated a while back. The
link seems not to be working now though.

You can easily accumulate your own if you like. Simply by watching for
reports about sites/services not working due to certificate verification
errors. Check that it is missing an intermediate rather than other
TLS/SSL errors. Manually download the missing intermediate cert and
append it in PEM format to your bundle file.

However, I recommend just upgrading to Squid-4. That version has many
crypto-related fixes that make life easier - including the ability to
auto-download most of these missing intermediate certs. The directive
may still be needed for some servers that do very weird things, but not
nearly as many as Squid-3 needs attending to.

Amos
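
The accumulate-your-own procedure from the reply above, as an added example that is not part of the original message or of Squid's own tooling: it tells a missing issuer apart from other verification errors, then appends the intermediate to the bundle in PEM form. The throwaway demo PKI, file names and function names are constructed for illustration, and `openssl verify -untrusted` is used here as a stand-in for a proxy completing the chain from a bundle of untrusted intermediates.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI: Demo Root -> Demo Intermediate -> leaf.
make_demo_chain() {  # $1 = work directory
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/cnf"
  openssl req -config "$d/cnf" -x509 -extensions ca -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Root" -days 30 -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -config "$d/cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Intermediate" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/cnf" -extensions ca -days 30 -out "$d/int.pem" 2>/dev/null
  openssl req -config "$d/cnf" -new -newkey rsa:2048 -nodes \
    -subj "/CN=www.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# Classify a verification attempt: $1 trusted roots, $2 intermediates bundle, $3 server cert.
check_chain() {
  if [ -s "$2" ]; then
    out=$(openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1) || true
  else
    out=$(openssl verify -CAfile "$1" "$3" 2>&1) || true
  fi
  case $out in
    *": OK"*) echo ok ;;
    # Error 20: no issuer found for a cert in the chain. A missing intermediate is the
    # usual cause; an untrusted root gives the same text, so check the issuer name.
    *"unable to get local issuer certificate"*) echo missing-issuer ;;
    *) echo other-error ;;   # expired, self-signed, etc.: not fixed by the bundle
  esac
}

# Append one downloaded certificate ($1, PEM or DER) to the bundle ($2) in PEM form.
add_intermediate() {
  openssl x509 -in "$1" -outform PEM >> "$2" 2>/dev/null ||
    openssl x509 -inform DER -in "$1" -outform PEM >> "$2"
}

demo() {
  w=$(mktemp -d); make_demo_chain "$w"; : > "$w/bundle.pem"
  echo "empty bundle: $(check_chain "$w/root.pem" "$w/bundle.pem" "$w/leaf.pem")"
  openssl x509 -in "$w/int.pem" -outform DER -out "$w/int.der"   # downloads are often DER
  add_intermediate "$w/int.der" "$w/bundle.pem"
  echo "after append: $(check_chain "$w/root.pem" "$w/bundle.pem" "$w/leaf.pem")"
  rm -rf "$w"
}
demo
```

For a real site, the certificate to fetch is the one named in the server certificate's issuer field, and the resulting bundle file is what `sslproxy_foreign_intermediate_certs` points at.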