On 3/03/2015 1:29 a.m., Alan Palmer wrote: > Squid 3.5.2 intercept mode and Avast free antivirus 2015 on windows 7 > aren't playing well together. Chrome returns a ca invalid error, > details reveal > its the avast web/mail shield cert that its not being trusted. > Everything works if > I turn the webshield off, or on a very strange note, works fine on a > Windows XP > (I know, old/bad, upgrade blah blah) machine also running avast 2015. The > windows XP version does have a difference cert than the windows 7 version > however. Avast seems to be doing a sslbump on its own between the client > and the squid proxy. Does anyone else have a similar setup working, and > if so > whats the magic incantation to make it play nice? This is roughly what the inter-tubes usually look like: browser -> AV ===> router ===> NAT -> Squid ===> Internet As you can see the browser -> AV link has to be working first before traffic has a chance of even getting near Squid. So config in Squid is not going to help there. You may be able to get the Avast CA cert to be trusted by Chrome. Otherwise a reasonable backup is to drop the WebShield on-machine and using ICAP in Squid to pass traffic to an AV scanner instead. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
