In SSL bump mode, I find I am hitting sites with incomplete certificate chains fairly often. When accessed directly, browsers will work it out - I guess by downloading the missing CA certs.
I know I can load the intermediate CA certs in my system DB as I encounter the issues. But, I'm wondering if others have more proactive solutions. Is there a list of commonly encountered certs, maybe just a subset like the top tier CAs? Or, is this being addressed in code making squid behave like browsers do?
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
