-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 6/10/2014 4:24 p.m., Robert Watson wrote: > still trying to get this working. To eliminate the self signed > certificate issue, I got a official signed certificate from > Starfield Tech. LLC. They've sent two certifcates but I'm unsure > how to use these certificates since the ssl_bump parameters only > have one certificate as a parameter The CA is very unlikely to be issuing you certificates capable of use in Squid in the way intended. It is illegal for a trusted root CA to do so in the country they are registered. Besides that it is downright foolish for them to give up their trust reputation. Look at what happened to DigiNotar. The point of self-signed is that _your Squid_ is the root CA signer. The ssl-bump feature in current Squid makes parameter cert= take the self-signed CA certificate in PEM format. Squid generates the rest of the certificte chain as necessary. > > On Sun, Oct 5, 2014 at 8:52 AM, Eliezer Croitoru wrote: > > On 10/05/2014 01:22 PM, Amos Jeffries wrote: >>>> MSIE 11 seems to be growing in popularity for some reason >>>> ;-) >>>> >>>> Amos > > And Still there is: > http://bugs.squid-cache.org/show_bug.cgi?id=4115 > > For now I am using ssl_crtd of 3.4.5 for google ssl bump to work. > > Eliezer Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUMkdGAAoJELJo5wb/XPRjygMH/Rk0EYwCgluL1YCWNa8cTZHN RkPNY1fTbe7U0ioB7J69KTJ07XH8sy0w9bChB5s/siodi3WD8ogZ3VdtEYxcqjf1 9yhb771Il3IiVaAiuF62FHWTEHjwHwTcBVR7/cDxigPW2VuSyyhZsdA8ayl1ZUXO jW44IH5g0Sja7KVJAfS67AANG4Sp4vMh1rGdXpbP8Bq8QGposL3viGh51z3k6/OP Dok8oVIsIluICLc8sLAKJbJwaBYSh0SLBrnNUv0Yl6+MtAFNfViXJGa3OfRG5ucQ aTS9Be4vzJthVdV1+tTtqubCvjrYB7PqQcfL9VzA4UlvQovgPDAnVMO074Kyjug= =k3K8 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
