| with your help. i changed my configure. and now the https problem is that SEC_ERROR_UNKNOWN_ISSUER. i use squid 3.5.27 as a transparent proxy and a icap client .With the proxy , i access most of https websites like www.amazon.com. but failed . So i want to know where problem is or how to deal with it. The webpage remind like" www.amazon.com used an invalid security certificate. The certificate is not trusted because of its self-signature. This certificate is invalid for the name www.amazon.com. Error code: SEC_ERROR_UNKNOWN_ISSUER " # Squid normally listens to port 3128 http_port 3120 http_port 3128 intercept https_port 192.168.51.200:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem #acl ssl_step1 at_step SslBump1 #acl ssl_step2 at_step SslBump2 #acl ssl_step3 at_step SslBump3 #ssl_bump peek ssl_step1 #ssl_bump splice all sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s /usr/local/squid/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1 #icap icap_enable on icap_preview_enable on icap_preview_size 1024 icap_send_client_ip on adaptation_meta X-Client-Port "%>p" icap_206_enable on icap_persistent_connections off icap_service service_req reqmod_precache 0 icap://192.168.51.200:1344/echo icap_service service_res respmod_precache 1 icap://192.168.51.200:1344/echo adaptation_access service_res allow all adaptation_access service_req allow all |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
