-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In theory - yes. You must add all intermediate CA's to you openssl cert's bundle manually. 25.02.15 10:18, Alex Samad пишет: > Hi > > I am running squid on Centos 6.5 squid-3.1.10-29.el6.x86_64 > > when I browse to https://www.quadriserv.com from IE or Chrome via > the squid proxy, it seems to corrupt the server cert. > > when i browse to the site by passing squid it works fine. > > I have tried wget from the squid box works fine also tried openssl > s_client > > openssl s_client -connect www.quadriserv.com:443 -showcerts > </dev/null | less > > -----BEGIN CERTIFICATE----- > MIIFyTCCBLGgAwIBAgIRAJfNWR72clr8JgXbvgA+uqgwDQYJKoZIhvcNAQEFBQAw > YjELMAkGA1UEBhMCVVMxITAfBgNVBAoTGE5ldHdvcmsgU29sdXRpb25zIEwuTC5D > LjEwMC4GA1UEAxMnTmV0d29yayBTb2x1dGlvbnMgQ2VydGlmaWNhdGUgQXV0aG9y > aXR5MB4XDTEzMTAyMjAwMDAwMFoXDTE4MDQxMjIzNTk1OVowgdMxCzAJBgNVBAYT > AlVTMQ4wDAYDVQQREwUxMDAxNzELMAkGA1UECBMCTlkxFjAUBgNVBAcTDU5ldyBZ > b3JrIENpdHkxEzARBgNVBAkTCjE0dGggRmxvb3IxFjAUBgNVBAkTDTUyOSBGaWZ0 > aCBBdmUxFzAVBgNVBAoTDlF1YWRyaXNlcnYgSW5jMQswCQYDVQQLEwJJVDEhMB8G > A1UECxMYU2VjdXJlIExpbmsgU1NMIFdpbGRjYXJkMRkwFwYDVQQDFBAqLnF1YWRy > aXNlcnYuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Oa12dWu > 84WE2CeA0hVoFAw50+HpoB30Gi7uQ9/NK0A+gt8Igk5Vcwub6atldIiVc62k7v/9 > DPZNoBxsOVopaTuDA54E6wnHEYve6VCr2xlQAnJEraIDZnvvQG/YnC8/ll44Yg06 > MWVvMSug7oDSLhPPRX5ZjkQikpB6XKO1OhUUOJghUfo0YlG4I/8MBWpvJitaJOH9 > pELBmepJFcpBvkij20Nk6MZu8kwzVs21Rp4FTEHpSH9Iagn7kw186nHqZkl+9D7e > UxM4IKc74j++Z2RjEPpPLLMcJYakD6kgkCUSkqiGmUS6R/4KBtbsE39lgJxNQDHU > Kqn5boHiyOjEZwIDAQABo4ICBjCCAgIwHwYDVR0jBBgwFoAUPEHijwgIqUwliY1t > xTjQ/IWMYhcwHQYDVR0OBBYEFCEGQeaf1tkMz9/3AA3y99GiCgzQMA4GA1UdDwEB > /wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF > BQcDAjB1BgNVHSAEbjBsMGAGDCsGAQQBhg4BAgEDATBQME4GCCsGAQUFBwIBFkJo > dHRwOi8vd3d3Lm5ldHdvcmtzb2x1dGlvbnMuY29tL2xlZ2FsL1NTTC1sZWdhbC1y > ZXBvc2l0b3J5LWNwcy5qc3AwCAYGZ4EMAQICMHoGA1UdHwRzMHEwNqA0oDKGMGh0 > dHA6Ly9jcmwubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zX0NBLmNybDA3 > oDWgM4YxaHR0cDovL2NybDIubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25z > X0NBLmNybDBzBggrBgEFBQcBAQRnMGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly93d3cu > bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zX0NBLmNydDAlBggrBgEFBQcw > AYYZaHR0cDovL29jc3AubmV0c29sc3NsLmNvbTAbBgNVHREEFDASghAqLnF1YWRy > aXNlcnYuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCsgRiTxwFDYa+3AZFzFj7XuhP3 > LuEuI55Ppj0SwLfBjLeiHuQB616V536O1TWqbJGUc1KhXwiTh6kDFx5RXVGohV1f > qoaVFoKMkX+fVkG3VNjGmaqaZalweWRf0s6jMskWuSUQkWdADGnNCnqRxIrtyLfS > 7/OHak+o2W0R+0jdsiUiLC7iZLzgpdFwHUa1wEVSjz2rCaI0TjEDkUKGfDITzZ9J > IY64c7QiYjzNF/PzlCIpL6zwPqnswLp25WOPM1jE4mqsK/9Z6Q0SWckk8WRTnlQA > YIbTFxXiY5fkkc4wdNNJZDv2R/nW9VkkK4u4qiJQ5Q5Y3iqHic+D3GZ2l2nT > -----END CERTIFICATE----- > > seems to be okay > > but the one thing I can't do it verify it. seems lilke C=US, > O=Network Solutions L.L.C., CN=Network Solutions Certificate > Authority is missing from my rootCA bundle. > > would that be enough to cause this ? > > Alex _______________________________________________ squid-users > mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJU7YqBAAoJENNXIZxhPexGFi4H/idMIbVpk6GzwBP0QPm29eR+ JQCnuDRbqT8ZmTgaHTS2z6ho/RcaKfWjc59vLuA2P2Zoh6BqdM+DJJMaX8t5k+lL DjXaLwjYruDu97BaW2dM1L2NBiUbQX0f41cSgQOonCbzOnRglZInG+3kD8Oag8er /wOqRLjQPUdJBH/+j/fyZ3sQkRk0NoN906F5vsTY5Iv03ZMK0Ng7cVNAmEI+XxWH 4AY8K2TySbVHx0hstGRPCOf2fgqDVRnM6uQYQnMU59tt/Nz4mSVXenFWT2OyRLm2 ENRtJr9gExHuAJYaJsTWMySB1BVl7sLHz+V6Tv/v0AYF/jlAc6Q3F42lnjCH+lQ= =7e/p -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users