Re: [squid-users] SQUID3 and https: Error negotiating SSL connection

From: Guy Helmer <guy.helmer_at_palisadesystems.com>
Date: Thu, 21 Feb 2013 16:13:51 -0600

On Feb 21, 2013, at 2:04 AM, skylab <skylab11_at_gmail.com> wrote:

> Hi, thank you for your replies.
> How can I verify my ca-certificate list? And how can I update it?
> Thank you very much.
>
> Skylab

It depends on your O/S. Linux and *BSDs keep the certs updated through packages.

If you have Redhat/CentOS, check the ca-certificates RPM. You might have to set sslproxy_cafile to /etc/ssl/certs/ca-bundle.crt

If you have Debian/Ubuntu/etc, check the ca-certificates DEB. You might have to set sslproxy_capath to /etc/ssl/certs

For FreeBSD, check the package ca_root_nss. Set sslproxy_cafile to /usr/local/share/certs/ca-root-nss.crt

HTH,
Guy
Received on Thu Feb 21 2013 - 22:14:03 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 22 2013 - 12:00:04 MST