[squid-users] Squid complains on missing Intermediate certificate in version 4.14 and 5.0.5
Alex Rousskov
rousskov at measurement-factory.com
Tue May 4 15:30:23 UTC 2021
On 5/4/21 1:16 AM, roie rachamim wrote:
> When trying to reach some times via https e.g. https://acadamy.atera.com
>
> Squid complains on missing Intermediate certificate.
> I see this in the logs:
>
> 2021/05/03 10:58:14.554| 83,4| support.cc(1147) untrustedToStoreCtx_cb:
> Try to use pre-downloaded intermediate certificates
> 2021/05/03 10:58:14.554| 83,5| support.cc(333) ssl_verify_cb: Unable to
> get local issuer certificate: /CN=*.atera.com <http://atera.com>
>
> From what i saw in the Wiki Squid 4 should include a mechanism to
> download required intermediate certificate, So does what i see make sense ?
I see no red flags in those two cache.log lines.
* If this is a TLS v1.3 connection, then you need to try with the latest
v5 snapshot to get commit 4624a2e. See Bug 5067 for more info:
https://bugs.squid-cache.org/show_bug.cgi?id=5067
* Otherwise, more information is needed to figure out why Squid did not
try to fetch the missing certificates, tried but failed, or succeeded
but they were not enough to validate. To know whether Squid tried to
fetch intermediate certificates, you can check access.log. For more
details, consider sharing debugging cache.log of the whole problematic
transaction.
https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction
HTH,
Alex.
More information about the squid-users
mailing list