On 28.05.20 06:32, Julien TEHERY wrote:
I retried everything possible in terms of order in the pem file. from my workstation, if i do "openssl s_client -showcerts -connect mysquid.mycompany.com:8443" i only get one certificate/issuer, but the same command on same server but different port (apache listenning on 443), i correctly get 2 certificates/issuers: I precise my https configuration isn't for ssl_bump purpose but only to provide secure access to the http proxy through the WAN with a valid certificate. Do you some of you use complete certificates (including intermediate) with squid? If yes please tell me how you made it work. I do have the latest stable squid version built with openssl support.
you apparnetly need ptovide concatenated list of your squid certificate and intermediate certificate that signed your squid certificate. You don't need to provide the root certificate that signed intermediate certificate, since browsers to have that certificate installed (otherwise they wouldn't trust the certificate at all). -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. - Have you got anything without Spam in it? - Well, there's Spam egg sausage and Spam, that's not got much Spam in it. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
