Hi,
Can someone please help me out here? In a nutshell, I am using a
proper signed certificate(not self signed) to generate certificates.
The chain is my certificate -> intermediate CA -> root CA. I cannot
make squid send the entire certificate chain to the clients and this
is breaking many applications in our network.
I am using squid 3.3.1. Please help.
Regards,
Prasanna
On 4/11/13, Prasanna Venkateswaran <prascalls@xxxxxxxxx> wrote:
> Hi Guy,
> We want to be a man-in-the middle but we want to get the
> approval from clients/end-users out of band by accepting the terms and
> conditions. The self signed certificates is sort of ok with browsers.
> But many other applications like dropbox sync, AV dat update, vpn ,
> etc fail because of the untrusted certificate. On top of it we have
> some headless devices in our network as well. Since we anyway have
> this information in our terms and conditions we would like to move to
> a trusted chain so that all the applications work as expected..
>
> Gentlemen,
> I see some users have already asked help/reported bug about the
> same thing like,
> http://www.squid-cache.org/mail-archive/squid-users/201112/0197.html.
>
> I also see that changes have been done in squid to support this
> behavior as well.
> http://www.squid-cache.org/mail-archive/squid-dev/201110/0207.html
>
> I followed the steps from this thread for configuration and I
> still dont see the chain information sent to the clients.
> http://www.squid-cache.org/mail-archive/squid-users/201109/0037.html
>
> So has the behavior of squid changed in recent times? Or am I
> missing something in my configuration. How to make squid send the
> entire certificate chain to clients? Please help.
>
> Regards,
> Prasanna
>
