Search squid archive

Re: windows updates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey,

Did you manage to find a solution for your use case?
Let me know if you need assistance with this issue.

Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx


On Tue, Mar 4, 2025 at 1:57 AM Doug Tucker <doug.tucker@xxxxxxxxxxxxxxxx> wrote:
I have read through everything I can find on this subject but still cannot seem to get around the issue of windows updates not working through the squid transparent proxy.  No matter what I try I continue to see this in the cache log and windows update will not connect.

2025/03/03 23:26:55 kid5| Error negotiating SSL on FD 25: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)

I tried adding the info from the following doc to no avail.



The relevant parts of my squid.conf:

#Handling HTTPS requests
https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
acl SSL_port port 443
http_access allow SSL_port
acl allowed_https_sites ssl::server_name "/etc/squid/allowed-sites.txt"
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1 all
ssl_bump peek step2 allowed_https_sites
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate step2 all

#windows update
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

I ran tcpdump and added every url i could find to the allowed-sites.txt and added the 2 sites recommended tot he url.nobump.  If anyone has gotten this to work any help would be appreciated. 






Doug Tucker
Sr. Director of Networking and Linux Operations

o: 817.975.5832  
e: doug.tucker@xxxxxxxxxxxxxxxx  


Newscycle Solutions is now Naviga. Learn more.


CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibite


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux