[squid-users] HTTPS_PORT AND SSL CERT

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu May 28 08:12:33 UTC 2020


On 28.05.20 06:32, Julien  TEHERY wrote:
>I retried everything possible in terms of order in the pem file.  from my
>workstation, if i do "openssl s_client -showcerts -connect
>mysquid.mycompany.com:8443" i only get one certificate/issuer, but the same
>command on same server but different port (apache listenning on 443), i
>correctly get 2 certificates/issuers:
>
>I precise my https configuration isn't for ssl_bump purpose but only to provide secure access to the http proxy through the WAN with a valid certificate.
>Do you some of you use complete certificates (including intermediate) with squid? If yes please tell me how you made it work.
>I do have the latest stable squid version built with openssl support.

you apparnetly need ptovide concatenated list of your squid certificate and
intermediate certificate that signed your squid certificate.

You don't need to provide the root certificate that signed intermediate
certificate, since browsers  to have that certificate installed
(otherwise they wouldn't trust the certificate at all).


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.


More information about the squid-users mailing list