squid -v: Squid Cache: Version 3.3.10 configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/bloxx-squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--with-logdir=/var/log/squid3' '--with-swapdir=/var/spool/squid3' '--with-pidfile=/var/run/squid3.pid' '--enable-dependency-tracking' '--enable-wccp' '--enable-wccp2' '--disable-icmp' '--disable-htcp' '--disable-ident-lookups' '--disable-poll' '--enable-ssl' '--enable-epoll' '--enable-delay-pools' '--enable-default-languages=English' '--enable-err-languages=English' '--enable-storeio=diskd,ufs,aufs' '--enable-async-io' '--enable-auth' '--enable-basic-auth-helpers=LDAP,NCSA' '--enable-digest-auth-helpers=password' '--enable-icap-client' '--enable-underscores' '--with-maxfd=65536' '--with-default-user=proxy' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -Wall' apparmor_status: apparmor module is loaded. 7 profiles are loaded. 7 profiles are in enforce mode. /sbin/dhclient /usr/bin/freshclam /usr/lib/NetworkManager/nm-dhcp-client.action /usr/lib/connman/scripts/dhclient-script /usr/sbin/clamd /usr/sbin/ntpd /usr/sbin/tcpdump 0 profiles are in complain mode. 2 processes have profiles defined. 2 processes are in enforce mode. /usr/bin/freshclam (1206) /usr/sbin/ntpd (1942) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. ip addr: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:5d:28:60:31 brd ff:ff:ff:ff:ff:ff inet 192.168.137.138/24 brd 192.168.137.255 scope global eth0 3: gre0: <NOARP> mtu 1476 qdisc noop state DOWN link/gre 0.0.0.0 brd 0.0.0.0 Unfortunately, these CA certificates aren't ones that I have created, and I don't know what OpenSSL config flags might have been used to create them. We have had them in use with other proxy software without getting any errors or browser warnings once the root is installed. It's only with this server that we get errors and warnings, even with the same cert installed in the browser/on the machine. I don't really want to share any other specific info (certs, IP addresses) publicly, but let me know if you need them for testing and I will email them to you. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Existing-root-certificate-not-working-with-SSL-Bump-squid-3-3-10-tp4668515p4668670.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users