Search squid archive

Re: Squid 6.8 SSL_BUMP TLS Error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

We have created a DER version of the PEM certificate which Squid uses and imported this into client certificate store using script like this:

certmgr /add DN_SIGNATOR_CA.der /r localMachine /s root

 

DN_SIGNATOR_CA.der is the self signed certificate

 

Maybe there must be some additional or changed setting in config from 3.5 > 6.8 Squid version?

As I wrote on old server with Squid 3.5 and same certificate it worked. Should I attach both config files?

 

Regards,

Mario

 

Von: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> Im Auftrag von Alex Rousskov
Gesendet: Mittwoch, 17. April 2024 19:53
An: squid-users@xxxxxxxxxxxxxxxxxxxxx
Betreff: Re: Squid 6.8 SSL_BUMP TLS Error

 

On 2024-04-17 09: 07, Rauch, Mario wrote: > We are receiving following errors when clients > want to connect to specific website using ssl bump feature and self > signed certificate: > > 2024/04/17 14: 55: 15 kid1| ERROR: failure 

On 2024-04-17 09:07, Rauch, Mario wrote:
 
> We are receiving following errors when clients 
> want to connect to specific website using ssl bump feature and self 
> signed certificate:
> 
> 2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS 
> connection on conn275 local=185.229.91.169:3128 
> remote=81.217.86.125:63673 FD 16 flags=1: 
> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
> 
> Does somebody know what the problem could be?
 
$ openssl errstr A000418
error:0A000418:SSL routines::tlsv1 alert unknown ca
 
Looks like the client does not trust Squid certificate and tells Squid 
about that lack of trust via a TLS alert. Did you configure the client 
to trust the certificate your Squid is using for bumping client connections?
 
 
HTH,
 
Alex.
 
 
> With old Squid 3.5 it worked with almost same config and certificate.
 
 
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://urldefense.com/v3/__https://lists.squid-cache.org/listinfo/squid-users__;!!Gb9UCRAl!8v8DHhzXtUPSxAheCy_Rh2E-Sywz_Z-_afBDDwJUCCJ0ojG5KeBK_73nBnc3Uo6bz9cIuzHlHwrxDZNznVMO1E0k3oPcDpH5ysNH$
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux