Hi List, I've just set up a new SSL interception proxy using peek/splice/bump using squid 4.0.22 and I'm getting SSL errors on some site indicating missing intermediate certs as described here: I have read the wiki and I see this on the SslBumpExplicit page: "Squid-4 is capable of downloading missing intermediate CA certificates, like popular browsers do." However I'm finding that I have to follow the procedure in the diladele article and manually install the intermediate certs into the PKI trust to work around this. My interception config is like this: ssl_bump splice localhost nobumpdoms is an acl pointing to a file listing domains that should not be subject to interception, and works fine. Is there something else I have to specify to get squid4 to behave
as described on the wiki? Many thanks, Alex -- This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately. This email is not intended to, nor should it be taken to, constitute advice. The information provided is correct to our knowledge & belief and must not be used as a substitute for obtaining tax, regulatory, investment, legal or any other appropriate advice. "Transact" is operated by Integrated Financial Arrangements Ltd. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856). |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users