Hi,
I would like to chain Squid to a parent proxy in the cloud, the Netskope proxy.
First of all, I configured http_port 3128 ssl-bump, without proxy chaining to the parent proxy, and it works fine. However, my next step was to add a cache_peer for the parent proxy with the Netskope certificates loaded. It failed and shows sslv3 certificate unknown.
Below are my configuration and test results:
The first test, without proxy chaining to Netskope (just ssl-bump on the Squid proxy): internet access works normally.
My config:
http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/myCA9.pem key=/etc/squid/ssl_cert/myCA9.pem generate-host-certification=on dynamic_cert_mem_cache_size=4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
Cache.log:
Can access https://translate.google.com normally.
The second test is Squid proxy chaining to Netskope (with SSL enabled): the result is a failure to access the internet (HTTP/HTTPS).
My config (where I put the Netskope intermediate & root certs in /etc/squid/ssl_cert/):
http_port 3128 ssl-bump cert=/etc/squid/ssl_cert/myCA9.pem key=/etc/squid/ssl_cert/myCA9.pem generate-host-certification=on dynamic_cert_mem_cache_size=4MB
cache_peer pxc-sasesg-tpe.eu.goskope.com parent 8080 0 no-query default ssl sslpath=/etc/squid/ssl_cert/ sslcafile=/etc/squid/ssl_cert/cacert-2020-01-01.pem login=PASSTHRU ssloptions=NO_SSLv2 sslflags=DONT_VERIFY_DOMAIN
never_direct allow all
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
Cache.log: once Squid restarts, it shows “sslv3 alert certificate unknown”.
CANNOT access https://translate.google.com
Do you see anything wrong?
BR,
Michael
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users