On 17.12.2015 18:01, Alex Rousskov wrote:
On 12/17/2015 03:12 AM, Yuri Voinov wrote:This looks like. Root CA doesn't send. Subordinate CA uses as signer for mimicked. All and any clients got security alert.There may still be some terminology misunderstanding here because not sending the root certificate is the right thing to do
as a correct configured web server does;this sends only its SSL certificate with the issuing intermediate plus any other intermediate certificate,
but no root certificate ...so in this case there is just the intermediate certificate the one squid uses for SSL bump; the root certificate is installed on the clients and both the mimicked and the intermediate are sent by squid,
and all is fine;
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
