On 8/11/2016 3:40 p.m., L. A. Walsh wrote: > Alex Rousskov wrote: >> On 11/07/2016 11:59 AM, L. A. Walsh wrote: >>> >>> (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) >>> >>> Self-signed SSL Certificate in chain: /C=US/O=Entrust, Inc./OU=See >>> www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized >>> use only/CN=Entrust Root Certification Authority - G2 >> >> ... because your Squid/OpenSSL setup does not trust the above root >> certificate at the end of the server certificate chain. > --- > Weird. I don't know who they are... it is on/for a US gov > website... Given all the hacks going on recently, not so sure > I should just accept it. It should be safe enough to check that your system CA set is up to date. There were changes as recently as a week ago. You will only have to face the tricky decisions about whether to trust the CA if the problem remains when you have the latest globaly trusted set installed. You could try the sslproxy_foreign_intermediate_certs option Yuri mentioned. But I think it will not help in this particular case since Squid will trust those foreign certs only if they are used as intermediate certs in a chain, this error apears to be about a root cert. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users