One out of two. Either the Squid does not see the OpenSSL/system
root CAs bundle, or the proxy CA's public key is not installed in
the clients. It's all.
19.07.2017 23:30, Walter H. пишет:
Hello,
this seems not to be the problem, as the error messages are in
cache.log, which is not a browser problem ...
the question: are the SSL bumped sites in intranet, which use a
self signed CA cert itself, which squid doesn't know?
On 19.07.2017 17:36, Yuri wrote:
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
http://i.imgur.com/A153C7A.png
19.07.2017 21:34, Cherukuri, Naresh пишет:
Hi All,
I installed Squid version 3.5.20 on RHEL 7 and generated
self-signed CA certificates, My users are complaining
about certificate errors. When I looked at cache.log I see
so many error messages like below. Below is my squid.conf
file. Any ideas how to address below errors.
Cache.log
2017/07/18 16:05:34 kid1| Error negotiating SSL
connection on FD 689: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
2017/07/18 16:05:34 kid1| Error negotiating SSL
connection on FD 1114: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
2017/07/18 16:05:37 kid1| Error negotiating SSL
connection on FD 146: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
2017/07/18 16:05:41 kid1| Error negotiating SSL
connection on FD 252: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
2017/07/18 16:05:41 kid1| Error negotiating SSL
connection on FD 36: error:14094416:SSL
routines:SSL3_READ_BYTES:sslv3 alert certificate unknown
(1/0)
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
|
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users