[squid-users] HTTPS_PORT AND SSL CERT
Ronan Lucio
ronanlucio at gmail.com
Wed May 27 00:10:40 UTC 2020
If your server listens on a public IP, you can use a valid certificate.
On Tue, May 26, 2020 at 7:24 PM Julien TEHERY
<julien.tehery at mediactivegroup.com> wrote:
>
> Hi there,
>
> I'm actually facing a problem with Squid 4.6-1 (Debian 10).
> I'm using squid with https_port directive, using an SSL certficate ( a true one, not self signed)
>
> Here is the simple setup:
>
> https_port X.X.X.X:8443 tls-cert=/etc/squid/mywildcard.com.pem
>
> The fact is that setup works for all firefox version using a proxy.pac file for HTTPS connexions to the squid server.
> But for chrome this is quite different. Indeed chrome uses the system's proxy settings and i noticed that sometimes it would work and sometinles it would fail.
> To make it work all the time i had to add my intermediate certificate (thawte) in the local store, so that means intermediate certificate has not been delivered by the squid server as it should.
>
> The pem file in the above setup allreadycontains this (pem file done by concatenating private key, cert, intermediate and root CA. I also tried the following syntax:
>
> https_port X.X.X.X:8443 cert=/etc/squid/mywildcard..com.cer key=/etc/squid/mywildcard.com.key cafile=/etc/squid/mywildcard..com-intermediaire.txt
>
> but each time i try to see with openssl client if my intermediate is delivered, it's not
> I use "openssl s_client -showcerts -connect myproxy.com:8443"
>
> If i do the same thing on an apache server with the same certificate files i can see both certificate and intermediate. Why squid isn't able to show it, did i miss something ?
>
>
> Thanks for your help
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list