On 18/01/2016 10:13 a.m., Roman Gelfand wrote:
> I am not sure where I am going wrong here...
>
>
> ssl bump certificate
> openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout
> squidCA.pem -out squidCA.pem
>
> The der certificate was generated and deployed on client computer trusted
> root
> openssl x509 -in squidCA.pem -outform DER -out squidCA.der
>
>
> squid.conf
> http_port 3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/usr/local/ssl_cert/squidCA.pem
>

What makes you think the squid-to-client certificate details have anything
to do with the server-to-squid certificate failing to verify?

Your issue is probably:

* outdated Trusted CAs installed on the Squid machine, and/or

* the certificate the server is presenting to Squid being invalid, and/or

* the certificate chain being presented by the server being incomplete, and/or

* non-TLS response coming back to Squid from the server, and/or

* someone else MITM'ing the connection upstream of Squid.

Amos
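
To tell an incomplete server chain apart from a root missing from the Squid machine's CA store (two of the causes listed in the reply above), this added example, which is not part of the original thread, builds a constructed root/intermediate/leaf chain with `openssl` and verifies the leaf under each condition. All file names and CNs (`Demo Root`, `origin.example`, and so on) are made up for the demo.

```sh
#!/bin/sh
# Constructed demo PKI (root -> intermediate -> leaf); names and CNs are made up.
# Reproduces, offline, two of the server-side verification failures listed above.

# issue NAME CN ISSUER EXT: write NAME.key and NAME.pem, signed by ISSUER
# (ISSUER=self gives a self-signed certificate); EXT is an extension file.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
  if [ "$3" = self ]; then
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 2 -sha256 \
      -extfile "$4" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
      -days 2 -sha256 -extfile "$4" -out "$1.pem" 2>/dev/null
  fi
}

# build_demo_pki DIR: create the chain plus an unrelated root inside DIR.
build_demo_pki() {
  cd "$1" || return 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:origin.example\n' > leaf.ext
  issue root  "Demo Root"         self ca.ext &&
  issue other "Unrelated Root"    self ca.ext &&
  issue int   "Demo Intermediate" root ca.ext &&
  issue leaf  "origin.example"    int  leaf.ext
}

# verify_leaf TRUSTED [UNTRUSTED]: validate leaf.pem as a TLS client would.
# TRUSTED stands in for the proxy host's CA store; UNTRUSTED is what the server
# sent along with its leaf. Returns openssl's exit status (0 = chain verified).
verify_leaf() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" leaf.pem
  else
    openssl verify -CAfile "$1" leaf.pem
  fi
}

build_demo_pki "$(mktemp -d)" || { echo "openssl setup failed" >&2; exit 1; }
echo "== full chain sent, root trusted =="
verify_leaf root.pem int.pem
echo "== server omitted the intermediate =="
verify_leaf root.pem || echo "rejected: incomplete chain"
echo "== issuing root missing from the trust store =="
verify_leaf other.pem int.pem || echo "rejected: untrusted root"
```

Against a real origin, running `openssl s_client -connect host:443 -showcerts` from the Squid machine shows which certificates the server actually sends, which can then be checked the same way.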