[squid-users] Squid won't download intermediate certificates
Andrea Venturoli
ml at netfence.it
Thu Jan 30 07:50:34 UTC 2020
Hello.
I'm experimenting SSLBump and I've got a problem: when a client visits a
site which won't provide intermediate SSL certificates, the connection
will fail.
I read Squid 4 should download such certificates itself, however this
does not succeed.
I see in the logs something like:
> 1580334345.045 1 - TCP_DENIED/403 3634 GET http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt - HIER_NONE/- text/html;charset=utf-8
Seems like an ACL problem.
There is no source IP, but a - (dash): I guess this means the connection
was originated from Squid itself.
Is there a specific keyword I need to use to allow such connections?
"localhost" doesn't seem to do the trink.
Any help appreciated.
bye & Thanks
av.
More information about the squid-users
mailing list