On 11/26/19 10:54 AM, robert k Wild wrote: > as i have configured both internal proxy (non internet facing) and > external proxy (internet facing) from source, Please show the essential parts of both internal and external Squid configurations for the broken setup (at least). It is difficult to guess what went wrong because the guide you are quoting does not talk about internal and external proxy instances _and_, in most cases, simply adding a valid http_port line has no effect on test cases that worked before -- the new port will be unused by the old test traffic. It is not even clear which proxy you are adding the SslBump configuration to. Thank you, Alex. > followed this guide - > https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit > > it works if i comment out the ssl lines - > > #SSL > #http_port 3128 ssl-bump \ > #cert=/etc/squid/ssl_cert/myCA.pem \ > #generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > #sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s > /var/lib/ssl_db -M 4MB > #acl step1 at_step SslBump1 > #ssl_bump peek step1 > #ssl_bump bump all > > but as soon as i uncomment them it breaks the link between both servers > > this is the error i get from the internal proxy when it tries to contact > the external proxy > > https://i.postimg.cc/JzC29gh8/ssl.png > -- > Regards, > > Robert K Wild. > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
