-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26/11/2014 5:38 a.m., HaxNobody wrote: > Hello, > > We are trying to configure Squid with SSL bump in order to filter > traffic with a content filter. We have an existing self-signed root > certificate and private key that we use successfully with other > similar proxy software, and we wish to re-use it with Squid so that > we don't have to distribute a new root certificate to our clients. > > However, when we try to use our existing root with Squid, we get > SSL errors from the browser and we are quite stumped as to why they > are happening. The story begins here: https://www.imperialviolet.org/2011/05/04/pinning.html .. the other browsers picked up and also started pinning domain certificates some time ago. The rest of the story is that Squid 3.3 is now quite old and in terms of ssl-bump specifically is it outright obsolete technology. Your best chance is to upgrade to the latest release and try again. A fix will only be worth fixing (or even investigating) if the problem persists with the latest Squid-3.5 (beta) ssl-bump features. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUdaEkAAoJELJo5wb/XPRjCqEH/AhtJLeDaFEJfNDodZkcPLU/ KlvBtvPKQBkint01uNYONNSH5VEIRGBwoDcLmMeczswforgUjQPB6RfQEFbf0KU0 6vGT2c7i2l+vYHY4OBEkCFN1DklW/Z/caPjKfN8C2bJw863CtYLoMi3LUHH46txC 3xLeRHGerWY6AGUcSwvw0V33zGrhxXHgPugii6iTQ6juaCOJxpKiEyftwYGuCZxa y1r4htpskSUjlJBX1N6Fj1cSuJ8L9rpsubEts/ENDeuPWj/YXHPX/N9iFhLQ6Trr bMH9zc/CHOpxYJNJQIjnowQNMh2oeEc3pISnSRSgoEDEXZ28kg9qi97SdeR8ayQ= =N4Au -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
