On Wed, Nov 11, 2020 at 03:13:19PM +0100, Dieter Bloms wrote: > for me it looks like the server doesn't deliver the intermdeiate > certificate and your squid proxy doesn't download this certificate > itself. Well, squid couln't download even if wanted if it isn't supplied by the server. AFAIK there is no field in the certificate to hold an url to download the signer one. In fact in the past I had to put some intermediates in the cert store (OK, not great, not recommended, but at least it works). That aside, if I save the certificate as a PEM from the browser (*only* the certificate, not the whole chain) and I do an openssl verify on it it validates, so in the store there are all the certs needed to verify it. I even tried doing it as the squid user in case of permission issues. For some reason squid doesn't like *some* certificates. And I don't think that so many sites anyway send incomplete chains. -- Lorenzo Marcantonio
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
