[squid-users] (71) Protocol error (TLS code: X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)

Amos Jeffries squid3 at treenet.co.nz
Wed Aug 26 04:28:01 UTC 2020


On 26/08/20 1:30 pm, m k wrote:
> Hi team,
> 
> Sorry for the many questions.
> As an in-house SE, I plan to switch from Bluecoat to Squid. 
> ***I am Japanese. And I can not do English.
> All are Google translations.***
> 
> I am doing a load test on Squid.
> Apache Jmeter is loading the self-certified WEB server.
> How can I test with a self-certified WEB server with Jmeter?
> 

You can use cache_peer for custom connectivity to a server:

  cache_peer jmeter.local parent 443 0 originserver \
    tls-cafile=/etc/squid/jmeter_ca_cert.pem \
    tls-default-ca=off

  cache_peer_access jmeter.local allow ...
  never_direct allow ...


Put the CA cert for jmeter in /etc/squid/jmeter_ca_cert.pem.


FYI: it is best to keep the self-signed cert as your own private CA and
give jmeter a normal server cert. Then you only have to change the
jmeter config if its cert gets compromised or needs updating for any
other reason. Squid can continue to use your self-signed CA to verify
any server certs it signed for jmeter.


Amos
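
The setup recommended in the FYI paragraph above, as an added example that is not part of the original message: a private CA, a server cert signed by it, and a self-signed leaf for contrast, each checked with openssl verify against the CA file. The file names, certificate subjects and helper function names are assumptions; jmeter.local is taken from the cache_peer line. Error number 18 is X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, the code in the subject line.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: file names, subjects, helper names.
# Builds a private CA, a CA-signed server cert and a self-signed leaf, then
# verifies each against the CA file (the file Squid's tls-cafile= would point at).

write_cfg() {  # $1 = work dir; minimal config so the system openssl.cnf is not needed
  cat > "$1/tls.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = DNS:jmeter.local
extendedKeyUsage = serverAuth
EOF
}

make_certs() {  # $1 = work dir
  write_cfg "$1" &&
  # Private CA: its certificate is the only file the proxy has to trust.
  openssl req -x509 -config "$1/tls.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 365 -subj "/CN=Load Test Private CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  # Server key and CSR, signed by the CA; can be reissued without touching the proxy.
  openssl req -new -config "$1/tls.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=jmeter.local" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 90 -extfile "$1/tls.cnf" -extensions v3_srv \
    -out "$1/srv.pem" 2>/dev/null &&
  # Contrast case: a self-signed leaf that the CA never issued.
  openssl req -x509 -config "$1/tls.cnf" -extensions v3_srv -newkey rsa:2048 \
    -nodes -days 90 -subj "/CN=jmeter.local" \
    -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

verify_code() {  # $1 = CA file, $2 = cert; prints 0 on success, else the error number
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) && { echo 0; return; }
  printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}
# Usage: d=$(mktemp -d); make_certs "$d"; verify_code "$d/ca.pem" "$d/srv.pem"
```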

