-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 16/01/2015 12:00 a.m., Yuri Voinov wrote: > > Hi gents, > > I have question. > > Look: > > 2015/01/15 16:48:50 kid1| clientNegotiateSSL: Error negotiating > SSL connection on FD 209: error:14094418:SSL > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15 > 16:50:50 kid1| clientNegotiateSSL: Error negotiating SSL connection > on FD 216: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca (1/0) 2015/01/15 16:52:51 kid1| clientNegotiateSSL: > Error negotiating SSL connection on FD 42: error:14094418:SSL > routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2015/01/15 > 16:54:54 kid1| clientNegotiateSSL: Error negotiating SSL connection > on FD 107: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca (1/0) > > Question is: How to debug SSL bump to know, which intermediate > certificate is absent in capath to get and install it to avoid > this annoying messages? The message is generated by OpenSSL and is all we get given. AFAIK a manual test using the openssl command line tool is needed to find out more. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUt6AOAAoJELJo5wb/XPRjcAIH/15EyfBYzgVQMjDRo2tcopuK fs/gxnizA0ZMgcZrbszbqJpnFyLgwX1FPpJRYcJNVDrEk5XTUee4bwPcMEj9UgzD oHHt2yLWIBC3kXVFlCiA1U49PStkF6zfs9hkVG6FZ5FBCUJFwIBaUouSwOcK+P48 v92KeMjtdfw8PuVGXKTeZXWpJ4tW+68KRdSrqEkdKxoaMIn/JrzzPBD56ageE852 ekRLCp1Mpq1okEvjbQK9UubpT5mJ4o31WZ+ayEStDqosqe4EYj+w+uPRE8Pi/uGl XdZTOlEBrWlQ0Lc1vKa7AWMcvB21GuZvIWeq+9sgKoNB+bKgzApmSDVWSKd3sZI= =o8wN -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
