On 21/02/2013 11:11 a.m., Guy Helmer wrote:
On Feb 20, 2013, at 11:30 AM, skylab <skylab11@xxxxxxxxx> wrote:Hi, I'm new in Squid configuration and I have problems with HTTPS sites. I searched a lot but I didn't find a solution. I can't open any https site and I have different error messages in different browsers: - in firefox www.gmail.com returns ssl_error_bad_cert_domain - in chrome www.gmail.com returns "The site's security certificate is not trusted!" - in firefox www.facebook.com returns "The page isn't redirecting properly" - in chrome www.facebook.com returns "This webpage has a redirect loop" (Error 310 net:: ERR_TO_MANY_REDICTS) In cache.log there are these messages: /2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) /Because of the "unknown ca" errors, it seems likely that you need to set sslproxy_cafile and/or sslproxy_capath so Squid can validate the server SSL certificates. Guy
And/or the openSSL ca-certificates list is outdated and needs an upgrade. Amos
