On 18/10/2012 9:53 p.m., guest01 wrote:
Hi, We are using Squid 3.1.12[1] in our environment as forward-Proxy with a PAC-file for HTTP and HTTPs. As far as I know, HTTPs works via the CONNECT-method (we are not using any SSL-bump-stuff) and should not touch the SSL certificate at all. Unfortunately, we are currently experiencing a strange behavior with a SSL certificate for only a couple of users (win7 clients with IE9 and ldap basic authentication): URL: https://www.brandschutz-online.cc/kastner/ certification path without proxy: GeoTrust Global CA -> RapidSSL CA -> www.brandschutz-online.cc If we are using Squid as proxy, we get following certification path in IE9: www.brandschutz-online.cc IE9 is complaining about a certificate error. Any idea why this is happening? Usually, everything is working for HTTPs without any browser complaints.
That would be something between those users machines and the website in question. You are quite right about Squid not touching or having anything to do with the SSL portion of the request in your setup.
At a guess I would say look at the TLS/SSL versions supported and used by those users and by the website. The encryption details probably do not overlap at some point - or the site has something in its cert they are now validationg for but older software did not.
Amos
