Search squid archive

sslBump, error SSL unknown certificate error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have squid 3.1.0.14 running with the configuration below to forward
decrypted traffic from sslBump to icap for inspection. 

When i browse non SSL sites with sslBump enabled everything is fine

When i browse SSL sites with sslbump disabled everything is fine. 

When I browse SSL sites with sslbump enabled i receive the following errors:

2009/10/27 10:57:41| SSL unknown certificate error 19 in
/C=US/ST=Arizona/L=Phoenix/O=American Express Company/OU=Web
Hosting/CN=www.americanexpress.com

2009/10/27 10:57:41| fwdNegotiateSSL: Error negotiating SSL connection on FD
14: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed (1/-1/0)

My certificate is my company wildcard certificate.

Squid Config:

icap_enable on

icap_service service_req reqmod_precache 1 icap://10.207.214.22:1344/request
adaptation_access service_req allow all

icap_service service_resp respmod_precache 0
icap://10.207.214.22:1344/response
adaptation_access service_resp allow all

# configure the HTTP port to bump CONNECT requests
http_port 3128 sslBump cert=/usr/local/squid/etc/cert.pem


# Bumped requests have relative URLs so Squid has to use reverse proxy
# or accelerator code. By default, that code denies direct forwarding.
# The need for this option may disappear in the future.
always_direct allow all

# avoid bumping requests to sites that Squid cannot proxy well
acl broken_sites dstdomain .webax.com
ssl_bump deny broken_sites
ssl_bump allow all

# ignore certain certificate errors or
# ignore errors with certain cites (very dangerous!)
acl TrustedName url_regex ^https://weserve.badcerts.com/
acl BogusError ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow TrustedName
sslproxy_cert_error allow BogusError
sslproxy_cert_error deny all

-- 
View this message in context: http://www.nabble.com/sslBump%2C-error-SSL-unknown-certificate-error-tp26084033p26084033.html
Sent from the Squid - Users mailing list archive at Nabble.com.


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux