
Re: SSL bump not working w/some sites.


On 8/11/2016 3:40 p.m., L. A. Walsh wrote:
> Alex Rousskov wrote:
>> On 11/07/2016 11:59 AM, L. A. Walsh wrote:
>>>
>>>    (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
>>>
>>>    Self-signed SSL Certificate in chain: /C=US/O=Entrust, Inc./OU=See
>>> www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized
>>> use only/CN=Entrust Root Certification Authority - G2
>>
>> ... because your Squid/OpenSSL setup does not trust the above root
>> certificate at the end of the server certificate chain.
> ---
>     Weird.  I don't know who they are... it is on/for a US gov
> website...   Given all the hacks going on recently, not so sure
> I should just accept it.

It should be safe enough to check that your system CA set is up to date.
There were changes as recently as a week ago.

You will only have to face the tricky decisions about whether to trust
the CA if the problem remains when you have the latest globally trusted
set installed.


You could try the sslproxy_foreign_intermediate_certs option Yuri
mentioned. But I think it will not help in this particular case since
Squid will trust those foreign certs only if they are used as
intermediate certs in a chain; this error appears to be about a root cert.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
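
The distinction discussed in this message, as an added example that is not part of the original thread and is not Squid code: OpenSSL reports X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN (error 19) when a self-signed root is available for chain building but is not in the trusted CA set, and the error clears only once that root is a trust anchor. The CA, leaf, file names and function names are constructed for the demo; `openssl verify -untrusted` is used as a stand-in for certificates that help build a chain without being trusted, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Constructed demo PKI: a throwaway root CA and one leaf it signs.
# Everything is generated locally in the given directory; no network is used.
make_demo_pki() {
    dir=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Constructed Demo Root' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$dir/ca.cnf"
    # Self-signed root certificate (the role the Entrust root plays in the thread).
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$dir/ca.cnf" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null &&
    # Leaf key and CSR, then a leaf certificate issued by the demo root.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj "/CN=leaf.example" -keyout "$dir/leaf.key" \
        -out "$dir/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -CAcreateserial -days 2 \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Root is only offered as a chain certificate, not as a trust anchor.
# The chain can be built up to the self-signed root, but nothing vouches for it.
verify_root_untrusted() {
    openssl verify -untrusted "$1/root.pem" "$1/leaf.pem" 2>&1
}

# Root is part of the trusted CA set, as after a CA bundle update.
verify_root_trusted() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
echo "--- root present in chain, absent from trusted set:"
verify_root_untrusted "$demo_dir" || true
echo "--- root present in trusted set:"
verify_root_trusted "$demo_dir" || true
rm -rf "$demo_dir"
```
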



