Hello, we use the sslbump feature and it works very well. But some sites can't be reached because of missing intermediate certificate.
In squid.conf we have configured the following parameters: --snip-- # allow fetching of missing intermediate certificates acl fetch_intermediate_certificate transaction_initiator certificate-fetching http_access allow fetch_intermediate_certificate cache allow fetch_intermediate_certificate cache deny all --snip-- and fetching the intermediate certificate works for sites like: https://incomplete-chain.badssl.com/ but for some sites like https://mycase.cloudapps.cisco.com/ squid doesn't fetch the intermediate certificate and returns X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY In my eyes the certificate of mycase.cloudapps.cisco.com contains an AiA record. output of openssl on certificate of mycase.cloudapps.cisco.com --snip-- Authority Information Access: CA Issuers - URI:http://trust.quovadisglobal.com/hydsslg2.crt OCSP - URI:http://ocsp.quovadisglobal.com --snip-- so does anybody see what's the reason, why squid doesn't download the intermediate certificate for mycase.cloudapps.cisco.com ? -- Regards Dieter Bloms -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
