On 7/12/2013 6:33 a.m., Stefan Frei wrote: > Hello there > > i somehow fail to install the intermediate ca on my squid... > > here the relevant info > > https_port someip:443 accel > cafile=/etc/ssl/certs/verisign.intermediate.ca > cert=/etc/ssl/certs/somedomain.com.crt > key=/etc/ssl/private/somedomain.com.key defaultsite=somedomain.com > vhost > > > and here the content of intermediate ca > > (from verisign website) > <snip certs> > > it looks like the intermediate cert is not passed to the browser > properly, dont know why. > > chrome and firefox version 25 are working, but not version 24 of > firefox(he doesnt have the intermediate i n its local cache). That sounds more like a bug in Firefox that got fixed between the versions. Or the new versions being tested have updated ca-certificates records. Anyway, cafile= parameter in Squid is used for verifying *client* certificates. Try combining your certificate and the CA chain into one PEM format file for Squid to load using the cert= parameter. Amos
