If your server listens on a public IP, you can use a valid certificate. On Tue, May 26, 2020 at 7:24 PM Julien TEHERY <julien.tehery@xxxxxxxxxxxxxxxxxxx> wrote: > > Hi there, > > I'm actually facing a problem with Squid 4.6-1 (Debian 10). > I'm using squid with https_port directive, using an SSL certficate ( a true one, not self signed) > > Here is the simple setup: > > https_port X.X.X.X:8443 tls-cert=/etc/squid/mywildcard.com.pem > > The fact is that setup works for all firefox version using a proxy.pac file for HTTPS connexions to the squid server. > But for chrome this is quite different. Indeed chrome uses the system's proxy settings and i noticed that sometimes it would work and sometinles it would fail. > To make it work all the time i had to add my intermediate certificate (thawte) in the local store, so that means intermediate certificate has not been delivered by the squid server as it should. > > The pem file in the above setup allreadycontains this (pem file done by concatenating private key, cert, intermediate and root CA. I also tried the following syntax: > > https_port X.X.X.X:8443 cert=/etc/squid/mywildcard..com.cer key=/etc/squid/mywildcard.com.key cafile=/etc/squid/mywildcard..com-intermediaire.txt > > but each time i try to see with openssl client if my intermediate is delivered, it's not > I use "openssl s_client -showcerts -connect myproxy.com:8443" > > If i do the same thing on an apache server with the same certificate files i can see both certificate and intermediate. Why squid isn't able to show it, did i miss something ? > > > Thanks for your help > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
