Yes, I have seen this with Squid _with_ ssl_bump. In trying
to resolve the issue I also upgraded to Squid 4.11, removed the
certificate cache and still had messages that the certificate
expired on May 30 2020. Double-checked all certificates but none
has this expiry date.
We have a wildcard certificate of Sectigo that we use for *.urlfilterdb.com. The really strange thing is that the issue does not appear for all subdomains:
'www' subdomain is OK
'files' subdomain has expired certificate
www.sectigo.com also has an expiration issue when used with the Squid proxy and sslbump (peek+bump mode).
My *guess* is that the certificate checking code used by
ssl_bump does not check all certificate signing paths.
Marcus
Has anyone else noticed any issues with the expiration of the Sectigo certificates today that appear to be related to this issue:
I started seeing this in my logs today for a site that has always worked.
... cert_errors="X509_V_ERR_CERT_HAS_EXPIRED@depth=3" ...
I also noticed that with a browser, bypassing the proxy, the certificate is fine. I also noticed that testing with openssl, it indicates expired as well.
Verify return code: 10 (certificate has expired)
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users