[squid-users] Squid won't download intermediate certificates
info at schroeffu.ch
info at schroeffu.ch
Thu Jan 30 08:15:15 UTC 2020
Hi av,
have had the same issue due to authenticate any user before passing the proxy. Squid couldn't fetch the intermediate certificates.
I added the following in squid.conf before the line "acl Authenticated_Users proxy_auth REQUIRED":
###
#Allow fetch intermediate certs before required authentication
acl fetched_certificate transaction_initiator certificate-fetching
cache allow fetched_certificate
http_access allow fetched_certificate
###
Hope this helps you too.
Lot regards
Schroeffu
PS: DKIM verification failed for sender ml at netfence.it
30. Januar 2020 08:51, "Andrea Venturoli" <ml at netfence.it> schrieb:
> Hello.
>
> I'm experimenting SSLBump and I've got a problem: when a client visits a
> site which won't provide intermediate SSL certificates, the connection
> will fail.
> I read Squid 4 should download such certificates itself, however this
> does not succeed.
> I see in the logs something like:
>
>> 1580334345.045 1 - TCP_DENIED/403 3634 GET
>> http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt - HIER_NONE/-
>> text/html;charset=utf-8
>
> Seems like an ACL problem.
> There is no source IP, but a - (dash): I guess this means the connection
> was originated from Squid itself.
>
> Is there a specific keyword I need to use to allow such connections?
> "localhost" doesn't seem to do the trink.
>
> Any help appreciated.
>
> bye & Thanks
> av.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list