Hi av, have had the same issue due to authenticate any user before passing the proxy. Squid couldn't fetch the intermediate certificates. I added the following in squid.conf before the line "acl Authenticated_Users proxy_auth REQUIRED": ### #Allow fetch intermediate certs before required authentication acl fetched_certificate transaction_initiator certificate-fetching cache allow fetched_certificate http_access allow fetched_certificate ### Hope this helps you too. Lot regards Schroeffu PS: DKIM verification failed for sender ml@xxxxxxxxxxx 30. Januar 2020 08:51, "Andrea Venturoli" <ml@xxxxxxxxxxx> schrieb: > Hello. > > I'm experimenting SSLBump and I've got a problem: when a client visits a > site which won't provide intermediate SSL certificates, the connection > will fail. > I read Squid 4 should download such certificates itself, however this > does not succeed. > I see in the logs something like: > >> 1580334345.045 1 - TCP_DENIED/403 3634 GET >> http://secure.globalsign.com/cacert/gsorganizationvalsha2g2r1.crt - HIER_NONE/- >> text/html;charset=utf-8 > > Seems like an ACL problem. > There is no source IP, but a - (dash): I guess this means the connection > was originated from Squid itself. > > Is there a specific keyword I need to use to allow such connections? > "localhost" doesn't seem to do the trink. > > Any help appreciated. > > bye & Thanks > av. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
