[squid-users] Squid 6.8 SSL_BUMP TLS Error
Rauch, Mario
Mario.Rauch at dieboldnixdorf.com
Thu Apr 18 08:13:37 UTC 2024
Hello,
We have created a DER version of the PEM certificate which Squid uses and imported this into the client certificate store using a script like this:
certmgr /add DN_SIGNATOR_CA.der /r localMachine /s root
DN_SIGNATOR_CA.der is the self-signed certificate.
Maybe there must be some additional or changed setting in the config from 3.5 > 6.8 Squid version?
As I wrote, on the old server with Squid 3.5 and the same certificate it worked. Should I attach both config files?
Regards,
Mario
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Alex Rousskov
Sent: Wednesday, 17 April 2024 19:53
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid 6.8 SSL_BUMP TLS Error
On 2024-04-17 09:07, Rauch, Mario wrote:
> We are receiving following errors when clients
> want to connect to specific website using ssl bump feature and self
> signed certificate:
>
> 2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS
> connection on conn275 local=185.229.91.169:3128
> remote=81.217.86.125:63673 FD 16 flags=1:
> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>
> Does somebody know what the problem could be?
$ openssl errstr A000418
error:0A000418:SSL routines::tlsv1 alert unknown ca
Looks like the client does not trust Squid certificate and tells Squid
about that lack of trust via a TLS alert. Did you configure the client
to trust the certificate your Squid is using for bumping client connections?
HTH,
Alex.
> With old Squid 3.5 it worked with almost same config and certificate.
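Added example, not part of the original thread: a Python decoder that pulls `TLS_LIB_ERR` out of the Squid log entry quoted above and splits it the way `openssl errstr` interprets it, showing that the value is a TLS alert received from the client. It assumes the OpenSSL 3.x error-code layout (library number above bit 23, reason in the low 23 bits); the function names and the alert table are constructed for illustration.

```python
import re

# TLS alert descriptions (RFC 8446 section 6) relevant to certificate trust.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
}
ERR_LIB_SSL = 20             # OpenSSL library number for "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # OpenSSL: reason = 1000 + alert sent by the peer

DETAIL = re.compile(
    r"conn(?P<conn>\d+) local=(?P<local>\S+) remote=(?P<remote>\S+)"
    r".*?TLS_LIB_ERR=(?P<lib_err>[0-9A-Fa-f]+)", re.S)

def decode_lib_err(hex_code):
    """Split an OpenSSL 3.x packed error code into (library, reason, alert)."""
    code = int(hex_code, 16)
    lib = (code >> 23) & 0xFF
    reason = code & 0x7FFFFF
    alert = None
    # SSL-library reasons above the offset mean "the peer sent us this alert".
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return lib, reason, alert

def explain(log_entry):
    """Return the decoded error detail for one Squid TLS accept failure."""
    m = DETAIL.search(log_entry)
    if m is None:
        return None
    lib, reason, alert = decode_lib_err(m["lib_err"])
    return {
        "conn": int(m["conn"]), "remote": m["remote"],
        "lib": lib, "reason": reason,
        "peer_alert": TLS_ALERTS.get(alert, alert),
    }

# The log entry quoted in the message above, joined onto one line.
SAMPLE = ("2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS "
          "connection on conn275 local=185.229.91.169:3128 "
          "remote=81.217.86.125:63673 FD 16 flags=1: "
          "SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1")

if __name__ == "__main__":
    print(explain(SAMPLE))
```

A `peer_alert` of `unknown_ca` means the handshake was rejected on the client side, so the check belongs in the client's trust store rather than in squid.conf.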