Hello, Matus, I also found the document. It should be sending the chain, but is not. When I specify cafile option it responds I shoud use tls-cafile. But in either case it is not sending. Walter, if squid has such requirement, then it is unfinished. Every other proxy is able to run its CA as an intermediate and clients install only root CA. The proxy should be responsible to hold the chain. The url Matus sent is the correct way how to do it, but is is not working. At least not in 4.8 vesion. Marek 2019-10-30 10:42 GMT+01:00, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>: >>On 30.10.2019 05:59, Marek Greško wrote: >>>I am trying to configure ssl bumping on squid 4.8 but my browser is >>>not able to validate the certificate due to intermediate certificate >>>missing. How could I convince squid to send it? > > On 30.10.19 10:11, Walter H. wrote: >>the ssl-bum certificate is either a root certificate itself which must >>be installed on the clients or an intermediate, where >>the root and all intermediates between must be installed on the clients > > do you mean that squid won't send intermediate certificate? > > this should be: > > https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpWithIntermediateCA > > -- > Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Honk if you love peace and quiet. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
