________________________________ From: Rafael Akchurin <rafael.akchurin@xxxxxxxxxxxx> > > This article tries to explain why it happens. > https://docs.diladele.com/faq/squid/fix_unable_to_get_issuer_cert_locally.html#ssl-certificate-test-tool-in-web-safety-5 > > To fix it - better use what Yuri recommended in http://squid-web-proxy-cache.1019090.n4.nabble.com/Howto-fix-X509-V-ERR-UNABLE- > TO-GET-ISSUER-CERT-LOCALLY-Squid-error-td4682015.html Thanks Raf. That really helped. I successfully installed the intermediate certificate as a trusted CA system-wide with openssl (used 'update-ca-certificates'). However, I tried using the Squid config directive for intermediate certs instead, but failed. This is what I did: # wget http://somewhere/intermediate.crt -O intermediate.der # openssl x509 -inform der -in intermediate.der -out intermediate.crt # cat intermediate.crt >> /usr/local/share/proxy-settings/allowed.certs In squid.conf: sslproxy_foreign_intermediate_certs "/usr/local/share/proxy-settings/allowed.certs" Restarted Squid but still had the same error page. I guess I can stick to the system-wide openssl solution for now. Thanks again, Vieri _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
