Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

Disregard, I figured it out. In my helper script I had a mistake in
counting the number of chars in my cert/key. Fixed that and now it
works.

On Mon, Dec 27, 2010 at 1:56 PM, Alex Ray <alexray_at_espsolution.net> wrote:
> Here are logs from /usr/local/squid/var/lib/ssl_db/index.txt
>
> V       131124202916Z           058BD142        unknown
> /CN=www.microsoft.com-----BEGIN CERTIFICATE-----
> V       131124203005Z           058BD143        unknown
> /CN=clients1.google.com-----BEGIN CERTIFICATE-----
> V       131124203006Z           058BD144        unknown
> /CN=mail.google.com-----BEGIN CERTIFICATE-----
>
>
> On Mon, Dec 27, 2010 at 1:00 PM, Alex Ray <alexray_at_espsolution.net> wrote:
>> No, the certificate is being made, just incorrectly.  Look at the common name:
>>
>> microsoft.com-----BEGIN CERTIFICATE-----
>>
>> ^ I'm fairly sure that "-----BEGIN CERTIFICATE-----" shouldn't be a
>> part of the CN for microsoft.com.
>>
>> On Mon, Dec 27, 2010 at 12:42 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>> On 28/12/10 06:42, Alex Ray wrote:
>>>>
>>>> Looks like dynamic ssl certs are still broken as of 3.2.0.4:
>>>>
>>>> microsoft.com uses an invalid security certificate.
>>>>
>>>> The certificate is not trusted because it is self-signed.
>>>> The certificate is only valid for microsoft.com-----BEGIN CERTIFICATE-----
>>>>
>>>> (Error code: sec_error_untrusted_issuer)
>>>
>>> Does your browser trust the signing CA?
>>> That message does not show up if the CA is installed in the browser.
>>>
>>> Amos
>>> --
>>> Please be using
>>>  Current Stable Squid 2.7.STABLE9 or 3.1.10
>>>  Beta testers wanted for 3.2.0.4
>>>
>>
>
>
>
> --
> Alex Ray
>
> Technical Support Representative
>
> Enhanced Software Products, Inc.
>
> www.espsolution.net
>
> 800 456-5750
>
>
>
> NOTICE: This e-mail may contain confidential or legally privileged
> information and is intended solely for delivery to the specific person
> identified as the recipient. Any review, re-transmission,
> dissemination or other use or taking of any action in reliance upon
> this e-mail by persons other than the intended recipient is prohibited
> and may require legal action. If you receive this e-mail in error,
> please contact me at the address above and delete from your computer
> system, or otherwise from your records, the information, which was
> transmitted to you in error.
>

-- 
Alex Ray
Technical Support Representative
Enhanced Software Products, Inc.
www.espsolution.net
800 456-5750
NOTICE: This e-mail may contain confidential or legally privileged
information and is intended solely for delivery to the specific person
identified as the recipient. Any review, re-transmission,
dissemination or other use or taking of any action in reliance upon
this e-mail by persons other than the intended recipient is prohibited
and may require legal action. If you receive this e-mail in error,
please contact me at the address above and delete from your computer
system, or otherwise from your records, the information, which was
transmitted to you in error.