[squid-users] | Ignoring non-issuer CA from ... while squid -kparse

eliezer at ngtech.co.il eliezer at ngtech.co.il
Sun Feb 24 02:36:17 UTC 2019


I am testing intermediate  certificates and I have just created a key and
certificate files.
The http line for ssl bump is:
http_port 23128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=16MB  cert=/etc/squid/ssl_cert/cert.pem
key=/etc/squid/ssl_cert/key.pem
 
While running squid -kparse I get the next output:
2019/02/24 04:28:03| Using certificate in /etc/squid/ssl_cert/cert.pem
2019/02/24 04:28:03| Using certificate chain in /etc/squid/ssl_cert/cert.pem
2019/02/24 04:28:03| Ignoring non-issuer CA from
/etc/squid/ssl_cert/cert.pem: /C=IL/ST=Shomron/O=NgTech
LTD/CN=pxaa13a65c.ngtech.co.il
## END OF OUTPUT SNIPPET
 
I have seen the note in the code
// checks that the chained certs are actually part of a chain for 
validating cert
at:
https://github.com/squid-cache/squid/blob/75aadeb9cc1128bb50adf8fc629d3957e9
a88f2f/src/security/KeyData.cc#L121
 
I am not sure how to look at this.
I am almost sure I did something wrong, maybe when I created the root CA or
the intermidate?
 
The actual result is that it works and the connections are being intercepted
without errors since the signing rootCA is installed on windows and firefox.
Not sure how to look at this log..
 
Thanks,
Eliezer 
 
----
 <http://ngtech.co.il/main-en/> Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email:  <mailto:eliezer at ngtech.co.il> eliezer at ngtech.co.il

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190224/b18984ea/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 11295 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190224/b18984ea/attachment-0001.png>


More information about the squid-users mailing list