On Tue, 07 Jun 2011 11:54:52 +0200, Paweł Mojski wrote:
> Hi all.
>
> Finally I successful implemented ssl-bump with dynamic certificate
> generation feature.
> But, I don't know how to configure squid to use intermediate ca
> certificate.
> I generated Root CA, then using Root CA i signed Intermediate CA
> certificate and now, I want squid to use this Intermediate CA
> Certificate while generating certs for https connections.
> Then I want to import Root CA certificate into Windows PKI to solve
> "Unknown CA" error while surfing https pages.
> How can I do that?
The client must have a full chain of trust from the root all the way
down to the end certificate during the transactions. I think you may
find that signing with an intermediate CA needs to install both the root
and the intermediate public CA on the clients.
> I'm looking around cafile, capath of ssl-bump options but nothing
> works for me.
http://wiki.squid-cache.org/Features/SslBump
To squid there is only the cert PEM you told it to sign with.
Amos
Received on Wed Jun 08 2011 - 02:52:12 MDT
This archive was generated by hypermail 2.2.0 : Wed Jun 08 2011 - 12:00:03 MDT