with your help. i changed my configure. and now the https problem is that
SEC_ERROR_UNKNOWN_ISSUER.
i use squid 3.5.27 as a transparent proxy and a icap client .With the proxy , i
access most of https websites like www.amazon.com. but failed . So i want to
know where problem is or how to deal with it.
The webpage remind like" www.amazon.com used an invalid security certificate.
The certificate is not trusted because of its self-signature. This certificate
is invalid for the name www.amazon.com. Error code: SEC_ERROR_UNKNOWN_ISSUER "
Here is my configure
# Squid normally listens to port 3128
http_port 3120
http_port 3128 intercept
https_port 192.168.51.200:3129 intercept ssl-bump connection-auth=off
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/usr/local/squid/ssl_cert/myCA.pem key=/usr/local/squid/ssl_cert/myCA.pem
#acl ssl_step1 at_step SslBump1
#acl ssl_step2 at_step SslBump2
#acl ssl_step3 at_step SslBump3
#ssl_bump peek ssl_step1
#ssl_bump splice all
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/lib/ssl_db -M 4MB
sslcrtd_children 8 startup=1 idle=1
#icap
icap_enable on
icap_preview_enable on
icap_preview_size 1024
icap_send_client_ip on
adaptation_meta X-Client-Port "%>p"
icap_206_enable on
icap_persistent_connections off
icap_service service_req reqmod_precache 0 icap://192.168.51.200:1344/echo
icap_service service_res respmod_precache 1 icap://192.168.51.200:1344/echo
adaptation_access service_res allow all
adaptation_access service_req allow all
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
