Hi,
I'm using ssl-bump in my forward proxy squid3.2.3, I try to access
https://centos.org, I get this error:
(71) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
SSL Certficate error: certificate issuer (CA) not known:
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure
Certification Authority/serialNumber=07969287
But when I bypass proxy access this site in IE9, it's ok, so I
think the problem is ssl-bump proxy, no the untrust ssl certficate.
This is my configure:
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/cert.pem
key=/usr/local/squid/etc/key.pem
sslcrtd_program /usr/local/squid/libexec/ssl_crtd -s
/usr/local/squid/var/ssl_db -M 4MB
-- Regards, John XueReceived on Thu Jan 31 2013 - 03:47:10 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 31 2013 - 12:00:04 MST