1. Using the Mozilla CA bundle instead of the system one (if it exists) for Squid.
2. Update the Mozilla CA bundle by a script run from cron on a regular basis.
3. Have your own manually maintained custom add_certs.pem list, which is combined with step 2 during updates.

That's all, folks.

08.02.2018 23:33, FredB wrote:
> Hi All,
>
> In practise how do you maintain the CA files? I'm testing SSLBump with Debian
> Jessie; the package ca-certificates provides many certificates but fewer than
> the latest Firefox Browser.
> How do you manage to keep all that in check? When a CA is missing, do you add the
> pem in your system config or exclude the website from SSLBump?
>
> EG: From my test https://wiki.squid-cache.org seems unknown (71) Protocol
> error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
> SSL Certficate error: certificate issuer (CA) not known: /C=US/O=Let's
> Encrypt/CN=Let's Encrypt Authority X3
>
> Thanks
>
> Regards
> Fred
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

--
*****************************
* C++20 : Bug to the future *
*****************************
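Steps 2 and 3 of the reply above (refresh the Mozilla bundle, then combine it with the local add_certs.pem), as an added example that is not part of the original message or of Squid: it merges the two PEM files, drops duplicates and damaged blocks, and installs the result by rename so the proxy never reads a half-written bundle. The function names, the `min_certs` guard against an empty or truncated download, and the sample data are assumptions; fetching the bundle is left to the cron job.

```python
import base64, hashlib, os, re, tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{lines}\n-----END CERTIFICATE-----\n"

def pem_blocks(text):
    """Yield (sha256 hex, DER bytes) for each decodable CERTIFICATE block."""
    for m in PEM_RE.finditer(text):
        try:
            der = base64.b64decode("".join(m.group(1).split()), validate=True)
        except ValueError:  # corrupted block: skip it, keep the rest
            continue
        if der:
            yield hashlib.sha256(der).hexdigest(), der

def merge_bundles(base_text, extra_text):
    """Base bundle first, then local extras that are not already present."""
    seen, out, added = set(), [], []
    for is_extra, text in ((False, base_text), (True, extra_text)):
        for fp, der in pem_blocks(text):
            if fp not in seen:
                seen.add(fp)
                out.append(to_pem(der))
                if is_extra:
                    added.append(fp)
    return "".join(out), added

def install_bundle(path, merged, min_certs):
    """Write beside `path`, then rename, so a reader never sees a partial file."""
    if sum(1 for _ in pem_blocks(merged)) < min_certs:
        raise ValueError("bundle too small; keeping the previous file")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(merged)
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; the proxy user must read it
        os.replace(tmp, path)
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)

# Constructed sample data: placeholder bytes, not real certificates.
BASE = to_pem(b"constructed-root-A") + to_pem(b"constructed-root-B")
EXTRA = (to_pem(b"constructed-root-B") + to_pem(b"constructed-intermediate-X")
         + "-----BEGIN CERTIFICATE-----\n!!damaged!!\n-----END CERTIFICATE-----\n")
```

The fingerprints returned in `added` are worth logging on each run, since they show exactly which locally trusted certificates went into the bundle beyond the Mozilla set.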