Hi there I'm using sslbump and I just got blocked logging into hotmail for the first time (yeah, slumming it ;-) The cert is for bay181.mail.live.com, and squid is generating a "CN=Not trusted by xxxxx" type cert, as I assume it wasn't signed by a CA that squid knew about? I whitelisted live.com (ie don't bump it any more) and the problem goes away for Firefox I'm running Ubuntu 14.04, so does this mean that the db of CA's Ubuntu trusts does not include the same CA-chain that browsers do? ie, I have http_port 3128 ssl-bump cert=/usr/local/squid/etc/squidCA.cert capath=/etc/ssl/certs/ so this means the CA's Ubuntu lists in /etc/ssl/certs/ is "out of date" compared with Firefox? Really a rhetorical question, just kinda wanting to know about where sslbump will run into trouble, etc :-) -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
