Related OpenSSL public CA bundle - in theory it should be installed together with OpenSSL.
20.07.2017 2:49, Cherukuri, Naresh пишет: > > Thanks Yuri for quick turnover! > > > > We inly installed root certificate on all clients. We didn’t install > proxy CA’s public key on clients. So you suggestion fix that we need > to install both certificate and proxy ca’s public key on clients. > > > > Thanks, > > Naresh > > > > *From:*squid-users [mailto:squid-users-boun...@lists.squid-cache.org] > *On Behalf Of *Yuri > *Sent:* Wednesday, July 19, 2017 2:25 PM > *To:* squid-users@lists.squid-cache.org > *Subject:* Re: [squid-users] Squid Version 3.5.20 Any Ideas > > > > One out of two. Either the Squid does not see the OpenSSL/system root > CAs bundle, or the proxy CA's public key is not installed in the > clients. It's all. > > > > 19.07.2017 23:30, Walter H. пишет: > > Hello, > > this seems not to be the problem, as the error messages are in > cache.log, which is not a browser problem ... > > the question: are the SSL bumped sites in intranet, which use a > self signed CA cert itself, which squid doesn't know? > > On 19.07.2017 17:36, Yuri wrote: > > http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit > > http://i.imgur.com/A153C7A.png > > > > 19.07.2017 21:34, Cherukuri, Naresh пишет: > > Hi All, > > > > I installed Squid version 3.5.20 on RHEL 7 and generated > self-signed CA certificates, My users are complaining about > certificate errors. When I looked at cache.log I see so many > error messages like below. Below is my squid.conf file. Any > ideas how to address below errors. > > > > > > Cache.log > > > > 2017/07/18 16:05:34 kid1| Error negotiating SSL connection on > FD 689: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 > alert certificate unknown (1/0) > > 2017/07/18 16:05:34 kid1| Error negotiating SSL connection on > FD 1114: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 > alert certificate unknown (1/0) > > 2017/07/18 16:05:37 kid1| Error negotiating SSL connection on > FD 146: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 > alert certificate unknown (1/0) > > 2017/07/18 16:05:41 kid1| Error negotiating SSL connection on > FD 252: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 > alert certificate unknown (1/0) > > 2017/07/18 16:05:41 kid1| Error negotiating SSL connection on > FD 36: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert > certificate unknown (1/0) > > > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > <mailto:squid-users@lists.squid-cache.org> > > http://lists.squid-cache.org/listinfo/squid-users > > >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users