Re: [squid-users] SSL certificate issue with Squid as Forward-Proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 18 Oct 2012 22:07:33 +1300

On 18/10/2012 9:53 p.m., guest01 wrote:
> Hi,
>
> We are using Squid 3.1.12[1] in our environment as forward-Proxy with
> a PAC-file for HTTP and HTTPs. As far as I know, HTTPs works via the
> CONNECT-method (we are not using any SSL-bump-stuff) and should not
> touch the SSL certificate at all. Unfortunately, we are currently
> experiencing a strange behavior with an SSL certificate for only a
> couple of users (win7 clients with IE9 and ldap basic authentication):
>
> URL: https://www.brandschutz-online.cc/kastner/
>
> certification path without proxy:
> GeoTrust Global CA
> -> RapidSSL CA
> -> www.brandschutz-online.cc
>
> If we are using Squid as proxy, we get the following certification path in IE9:
> www.brandschutz-online.cc
>
> IE9 is complaining about a certificate error.
>
> Any idea why this is happening? Usually, everything is working for
> HTTPs without any browser complaints.

That would be something between those users' machines and the website in
question. You are quite right about Squid not touching or having
anything to do with the SSL portion of the request in your setup.

At a guess I would say look at the TLS/SSL versions supported and used
by those users and by the website. The encryption details probably do
not overlap at some point - or the site has something in its cert they
are now validating for but older software did not.

Amos
Received on Thu Oct 18 2012 - 09:07:57 MDT
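
One way to check the point made in the reply above, that a CONNECT tunnel does not alter the server certificate. This is an added example, not part of the original thread and not Squid project code. It fetches the leaf certificate directly and through the proxy and compares SHA-256 fingerprints. The proxy address `proxy.example.internal:3128` and all function names are assumptions.

```python
import hashlib
import socket
import ssl


def open_tunnel(sock, host, port, proxy_auth=None):
    """Send CONNECT on an already-connected proxy socket; return it once the tunnel is up."""
    request = f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n"
    if proxy_auth:  # caller-supplied header value, e.g. "Basic <base64>"
        request += f"Proxy-Authorization: {proxy_auth}\r\n"
    sock.sendall((request + "\r\n").encode("ascii"))
    reply = b""
    while b"\r\n\r\n" not in reply:
        chunk = sock.recv(1)  # one byte at a time so no TLS bytes are consumed
        if not chunk:
            raise ConnectionError("proxy closed the connection during CONNECT")
        reply += chunk
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or parts[1] != "200":
        raise ConnectionError(f"proxy refused CONNECT: {status_line}")
    return sock


def leaf_fingerprint(sock, host):
    """Do a TLS handshake over sock; return SHA-256 of the server's leaf certificate (DER)."""
    ctx = ssl.create_default_context()
    # Diagnostic use only: validation is off so the certificate can be
    # retrieved and compared even when the client would reject the chain.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def compare(host, port=443, proxy=("proxy.example.internal", 3128), proxy_auth=None):
    """Return (same, direct_fp, proxied_fp) for the leaf cert seen on both paths."""
    direct = leaf_fingerprint(socket.create_connection((host, port), timeout=10), host)
    tunnel = open_tunnel(socket.create_connection(proxy, timeout=10), host, port, proxy_auth)
    proxied = leaf_fingerprint(tunnel, host)
    return direct == proxied, direct, proxied
```

Matching fingerprints mean the proxy relayed the server's certificate unchanged, so a broken certification path seen only behind the proxy has to be explained on the client or server side.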