[squid-users] AIA fetching in squid
Amos Jeffries
squid3 at treenet.co.nz
Wed Feb 6 12:05:21 UTC 2019
On 6/02/19 10:10 pm, Yann Girardin wrote:
>
> Is there a way to activate this AIA fetching in squid or do i have to
Fetching missing intermediate CA certificates is implemented in Squid-4.
All you need do is check that your access controls permit those requests
to happen.
If you have Squid-3.5 the
<http://www.squid-cache.org/Doc/config/sslproxy_foreign_intermediate_certs/>
directive can load intermediate certs to use for the missing cert chain
entries.
> implement it myself using a helper with the sslcrtvalidator_program ?
>
That is also possible.
PS. AIA fetching requires the certificate AIA to have a value. Some of
these misconfigurations are because it is missing. In that case there is
nothing that can be done to resolve the error without already having the
relevant Issuer cert.
Amos
More information about the squid-users
mailing list