On 5/4/21 1:16 AM, roie rachamim wrote: > When trying to reach some times via https e.g. https://acadamy.atera.com > > Squid complains on missing Intermediate certificate. > I see this in the logs: > > 2021/05/03 10:58:14.554| 83,4| support.cc(1147) untrustedToStoreCtx_cb: > Try to use pre-downloaded intermediate certificates > 2021/05/03 10:58:14.554| 83,5| support.cc(333) ssl_verify_cb: Unable to > get local issuer certificate: /CN=*.atera.com <http://atera.com> > > From what i saw in the Wiki Squid 4 should include a mechanism to > download required intermediate certificate, So does what i see make sense ? I see no red flags in those two cache.log lines. * If this is a TLS v1.3 connection, then you need to try with the latest v5 snapshot to get commit 4624a2e. See Bug 5067 for more info: https://bugs.squid-cache.org/show_bug.cgi?id=5067 * Otherwise, more information is needed to figure out why Squid did not try to fetch the missing certificates, tried but failed, or succeeded but they were not enough to validate. To know whether Squid tried to fetch intermediate certificates, you can check access.log. For more details, consider sharing debugging cache.log of the whole problematic transaction. https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
