Hi, I'm using ssl-bump in my forward proxy squid3.2.3, I try to access https://centos.org, I get this error: (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) SSL Certficate error: certificate issuer (CA) not known: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 But when I bypass proxy access this site in IE9, it's ok, so I think the problem is ssl-bump proxy, no the untrust ssl certficate. This is my configure: http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/var/ssl_db -M 4MB -- Regards, John Xue
