1. Using Mozilla CA bundle instead of system (if exists) for Squid.
2. Update Mozilla CA bundle by script by cron on a regular basis.
3. Have own manually maintained custom add_certs.pem list which combines with step 2 during updates.

That's all, folks.

08.02.2018 23:33, FredB wrote:
> Hi All,
>
> In practice, how do you maintain the CA files? I'm testing SSLBump with Debian Jessie; the package ca-certificates provides many certificates but fewer than the latest Firefox browser.
> How do you manage to keep all that in check? When a CA is missing, do you add the PEM in your system config or exclude the website from SSLBump?
>
> EG: From my test https://wiki.squid-cache.org seems unknown (71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
>
> Thanks
>
> Regards
> Fred
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

--
*****************************
* C++20 : Bug to the future *
*****************************
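The merge-and-install part of the three steps in the reply above, as an added example (not code from the original post or from the Squid project). The function names, the `min_upstream` threshold and the sample blobs are assumptions made for illustration; downloading the Mozilla bundle itself is left to the cron job.

```python
import base64, hashlib, os, re, ssl, tempfile

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def pem_blocks(text):
    """Yield (sha256 hex, DER bytes) per certificate block; bad base64 raises ValueError."""
    for m in PEM_RE.finditer(text):
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        yield hashlib.sha256(der).hexdigest(), der

def merge_bundles(mozilla_pem, custom_pem):
    """Mozilla bundle first, then add_certs.pem entries not already present."""
    seen, out = set(), []
    for source in (mozilla_pem, custom_pem):
        for digest, der in pem_blocks(source):
            if digest not in seen:
                seen.add(digest)
                out.append(ssl.DER_cert_to_PEM_cert(der))
    return "".join(out)

def install_bundle(mozilla_pem, custom_pem, dest, min_upstream=100):
    """Write the merged bundle to dest atomically; return the certificate count.

    min_upstream is an assumed sanity threshold: a truncated or empty download
    must not replace a working trust store during an unattended cron run.
    """
    upstream = sum(1 for _ in pem_blocks(mozilla_pem))
    if upstream < min_upstream:
        raise ValueError(f"upstream bundle has only {upstream} certificates")
    merged = merge_bundles(mozilla_pem, custom_pem)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(merged)
        os.chmod(tmp, 0o644)   # CA certificates are public; Squid must be able to read them
        os.replace(tmp, dest)  # same directory, so the swap is atomic
    except BaseException:
        os.unlink(tmp)
        raise
    return merged.count("-----BEGIN CERTIFICATE-----")

# Constructed placeholders, not real certificates: only the PEM framing matters here.
SAMPLE_MOZILLA = "".join(ssl.DER_cert_to_PEM_cert(b) for b in (b"root-A", b"root-B"))
SAMPLE_CUSTOM = "".join(ssl.DER_cert_to_PEM_cert(b) for b in (b"root-B", b"local-C"))
```

Squid only picks up the new file after it reloads its configuration, for example with `squid -k reconfigure`.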