[squid-users] HTTPS_PORT AND SSL CERT

Julien TEHERY julien.tehery at mediactivegroup.com
Tue May 26 07:24:46 UTC 2020


Hi there,

I'm actually facing a problem with Squid 4.6-1 (Debian 10).
I'm using Squid with the https_port directive, using an SSL certificate (a true one, not self-signed).

Here is the simple setup:

https_port X.X.X.X:8443 tls-cert=/etc/squid/mywildcard.com.pem

The fact is that this setup works for all Firefox versions using a proxy.pac file for HTTPS connections to the Squid server.
But for Chrome this is quite different. Indeed, Chrome uses the system's proxy settings, and I noticed that sometimes it would work and sometimes it would fail.
To make it work all the time I had to add my intermediate certificate (Thawte) to the local store, so that means the intermediate certificate has not been delivered by the Squid server as it should.

The pem file in the above setup already contains this (pem file done by concatenating private key, cert, intermediate and root CA). I also tried the following syntax:

https_port X.X.X.X:8443 cert=/etc/squid/mywildcard..com.cer key=/etc/squid/mywildcard.com.key cafile=/etc/squid/mywildcard..com-intermediaire.txt

but each time I try to see with the openssl client whether my intermediate is delivered, it's not.
I use "openssl s_client -showcerts -connect myproxy.com:8443"

If I do the same thing on an Apache server with the same certificate files I can see both certificate and intermediate. Why isn't Squid able to show it? Did I miss something?


Thanks for your help
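
The check described in the message, as an added example that is not part of the original post: a shell function that reads `openssl s_client -showcerts` output and reports whether anything beyond the leaf certificate was delivered. The function name, the sample transcripts and the certificate names are constructed for illustration, and the parser assumes the ` 0 s:` / `   i:` line layout that s_client prints in its "Certificate chain" section.

```shell
#!/bin/sh
# Reads `openssl s_client -showcerts` output on stdin and summarises the
# "Certificate chain" section: one line per delivered certificate, then a verdict.
chain_summary() {
    awk '
        BEGIN { n = 0 }
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---$/        { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
        in_chain && /^ +i:/        { sub(/^ +i:/, ""); issuer[n] = $0; n++; next }
        END {
            for (k = 0; k < n; k++)
                printf "%d subject=[%s] issuer=[%s]\n", k, subj[k], issuer[k]
            if (n == 0) { print "verdict: no certificate chain found"; exit }
            for (k = 0; k + 1 < n; k++)   # each issuer must be the next subject
                if (issuer[k] != subj[k + 1]) { print "verdict: chain out of order at " k; exit }
            if (n == 1 && subj[0] != issuer[0])
                print "verdict: leaf only, issuer certificate not delivered"
            else
                print "verdict: " n " certificates delivered, links consistent"
        }
    '
}

# Constructed transcript: the server sends only its own certificate.
sample_leaf_only() {
    cat <<'EOF'
Certificate chain
 0 s:CN = *.example.test
   i:CN = Example Intermediate CA
---
EOF
}

# Constructed transcript: leaf followed by its intermediate.
sample_with_intermediate() {
    cat <<'EOF'
Certificate chain
 0 s:CN = *.example.test
   i:CN = Example Intermediate CA
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
---
EOF
}

sample_leaf_only | chain_summary
sample_with_intermediate | chain_summary
```

Against a live listener, pipe the command from the message into the function: `openssl s_client -showcerts -connect myproxy.com:8443 </dev/null 2>/dev/null | chain_summary`.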