On Feb 20, 2013, at 11:30 AM, skylab <skylab11@xxxxxxxxx> wrote: > Hi, > I'm new in Squid configuration and I have problems with HTTPS sites. I > searched a lot but I didn't find a solution. > I can't open any https site and I have different error messages in different > browsers: > - in firefox www.gmail.com returns ssl_error_bad_cert_domain > - in chrome www.gmail.com returns "The site's security certificate is > not trusted!" > - in firefox www.facebook.com returns "The page isn't redirecting > properly" > - in chrome www.facebook.com returns "This webpage has a redirect loop" > (Error 310 net:: ERR_TO_MANY_REDICTS) > > In cache.log there are these messages: > /2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL > connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca (1/0) > 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL > connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca (1/0) > 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL > connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca (1/0) / Because of the "unknown ca" errors, it seems likely that you need to set sslproxy_cafile and/or sslproxy_capath so Squid can validate the server SSL certificates. Guy
