[squid-users] ssl bump intermediate certificate
Marek Greško
mgresko8 at gmail.com
Wed Oct 30 20:49:54 UTC 2019
Hello,
Matus, I also found the document. It should be sending the chain, but
is not. When I specify cafile option it responds I shoud use
tls-cafile. But in either case it is not sending.
Walter, if squid has such requirement, then it is unfinished. Every
other proxy is able to run its CA as an intermediate and clients
install only root CA. The proxy should be responsible to hold the
chain. The url Matus sent is the correct way how to do it, but is is
not working. At least not in 4.8 vesion.
Marek
2019-10-30 10:42 GMT+01:00, Matus UHLAR - fantomas <uhlar at fantomas.sk>:
>>On 30.10.2019 05:59, Marek Greško wrote:
>>>I am trying to configure ssl bumping on squid 4.8 but my browser is
>>>not able to validate the certificate due to intermediate certificate
>>>missing. How could I convince squid to send it?
>
> On 30.10.19 10:11, Walter H. wrote:
>>the ssl-bum certificate is either a root certificate itself which must
>>be installed on the clients or an intermediate, where
>>the root and all intermediates between must be installed on the clients
>
> do you mean that squid won't send intermediate certificate?
>
> this should be:
>
> https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpWithIntermediateCA
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Honk if you love peace and quiet.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list