Here are logs from /usr/local/squid/var/lib/ssl_db/index.txt V 131124202916Z 058BD142 unknown /CN=www.microsoft.com-----BEGIN CERTIFICATE----- V 131124203005Z 058BD143 unknown /CN=clients1.google.com-----BEGIN CERTIFICATE----- V 131124203006Z 058BD144 unknown /CN=mail.google.com-----BEGIN CERTIFICATE----- On Mon, Dec 27, 2010 at 1:00 PM, Alex Ray <alexray@xxxxxxxxxxxxxxx> wrote: > No, the certificate is being made, just incorrectly. Look at the common name: > > microsoft.com-----BEGIN CERTIFICATE----- > > ^ I'm fairly sure that "-----BEGIN CERTIFICATE-----" shouldn't be a > part of the CN for microsoft.com. > > On Mon, Dec 27, 2010 at 12:42 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: >> On 28/12/10 06:42, Alex Ray wrote: >>> >>> Looks like dynamic ssl certs are still broken as of 3.2.0.4: >>> >>> microsoft.com uses an invalid security certificate. >>> >>> The certificate is not trusted because it is self-signed. >>> The certificate is only valid for microsoft.com-----BEGIN CERTIFICATE----- >>> >>> (Error code: sec_error_untrusted_issuer) >> >> Does your browser trust the signing CA? >> That message does not show up if the CA is installed in the browser. >> >> Amos >> -- >> Please be using >> Current Stable Squid 2.7.STABLE9 or 3.1.10 >> Beta testers wanted for 3.2.0.4 >> > -- Alex Ray Technical Support Representative Enhanced Software Products, Inc. www.espsolution.net 800 456-5750 NOTICE: This e-mail may contain confidential or legally privileged information and is intended solely for delivery to the specific person identified as the recipient. Any review, re-transmission, dissemination or other use or taking of any action in reliance upon this e-mail by persons other than the intended recipient is prohibited and may require legal action. If you receive this e-mail in error, please contact me at the address above and delete from your computer system, or otherwise from your records, the information, which was transmitted to you in error.