Hello,

We have created a DER version of the PEM certificate which Squid uses and imported this into the client certificate store using a script like this:

certmgr /add DN_SIGNATOR_CA.der /r localMachine /s root

DN_SIGNATOR_CA.der is the self-signed certificate.

Maybe there must be some additional or changed setting in the config from 3.5 > 6.8 Squid version? As I wrote, on the old server with Squid 3.5 and the same certificate it worked.

Should I attach both config files?

Regards,
Mario

From: squid-users <squid-users-boun...@lists.squid-cache.org> On behalf of Alex Rousskov
Sent: Wednesday, 17 April 2024 19:53
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid 6.8 SSL_BUMP TLS Error

On 2024-04-17 09:07, Rauch, Mario wrote:
> We are receiving following errors when clients
> want to connect to specific website using ssl bump feature and self
> signed certificate:
>
> 2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS
> connection on conn275 local=185.229.91.169:3128
> remote=81.217.86.125:63673 FD 16 flags=1:
> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>
> Does somebody know what the problem could be?

$ openssl errstr A000418
error:0A000418:SSL routines::tlsv1 alert unknown ca

Looks like the client does not trust Squid certificate and tells Squid about that lack of trust via a TLS alert. Did you configure the client to trust the certificate your Squid is using for bumping client connections?

HTH,

Alex.

> With old Squid 3.5 it worked with almost same config and certificate.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
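
The decoding step from the reply above (TLS_LIB_ERR=A000418 means "tlsv1 alert unknown ca"), applied to a whole cache.log to list which clients reject the bumping certificate. This is an added example, not code from the thread or from the Squid project; the function names and the two extra log entries are constructed, and the bit layout assumed is the OpenSSL 3.x one (library in bits 23-30, reason in the low 23 bits).

```python
import re
from collections import defaultdict

# OpenSSL 3.x packs an error code as (library << 23) | reason.
ERR_LIB_SSL = 20             # library number behind "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for peer alerts
# Certificate-related TLS alert descriptions (RFC 8446, section 6).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

ACCEPT_ERR = re.compile(r"failure while accepting a TLS connection on \S+ "
                        r"local=\S+ remote=(?P<remote>\S+) .*"
                        r"TLS_LIB_ERR=(?P<code>[0-9A-Fa-f]+)")

# Constructed sample: the first entry is the one quoted in the thread, joined
# onto one line; the other two use documentation addresses and made-up times.
SAMPLE_LOG = """\
2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS connection on conn275 local=185.229.91.169:3128 remote=81.217.86.125:63673 FD 16 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
2024/04/17 14:56:02 kid1| ERROR: failure while accepting a TLS connection on conn281 local=185.229.91.169:3128 remote=192.0.2.10:50112 FD 18 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000416+TLS_IO_ERR=1
2024/04/17 14:57:40 kid1| ERROR: failure while accepting a TLS connection on conn290 local=185.229.91.169:3128 remote=198.51.100.7:41000 FD 21 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A00010B+TLS_IO_ERR=1
"""

def decode(hex_code):
    """Split a TLS_LIB_ERR value into (library, reason, peer alert or None)."""
    code = int(hex_code, 16)
    lib, reason = (code >> 23) & 0xFF, code & 0x7FFFFF
    alert = None
    if lib == ERR_LIB_SSL and 0 < reason - SSL_AD_REASON_OFFSET <= 255:
        num = reason - SSL_AD_REASON_OFFSET
        alert = CERT_ALERTS.get(num, f"alert_{num}")
    return lib, reason, alert

def untrusting_clients(log_text):
    """Map client IP -> certificate alerts it sent while being bumped."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = ACCEPT_ERR.search(line)
        if not m:
            continue
        alert = decode(m.group("code"))[2]
        if alert in CERT_ALERTS.values():
            found[m.group("remote").rsplit(":", 1)[0]].add(alert)
    return dict(found)

if __name__ == "__main__":
    for ip, alerts in untrusting_clients(SAMPLE_LOG).items():
        print(ip, sorted(alerts))
```

Clients that show up here are the ones whose trust store lacks the signing CA Squid uses for bumping; the third sample entry is a non-alert library error and is deliberately not reported.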