Re: [squid-users] Need help on SSL bump and certificate chain

From: Prasanna Venkateswaran <>
Date: Mon, 15 Apr 2013 11:14:16 +0530

    Can someone please help me out here? In a nutshell, I am using a
proper signed certificate(not self signed) to generate certificates.
The chain is my certificate -> intermediate CA -> root CA. I cannot
make squid send the entire certificate chain to the clients and this
is breaking many applications in our network.

     I am using squid 3.3.1. Please help.


On 4/11/13, Prasanna Venkateswaran <> wrote:
> Hi Guy,
> We want to be a man-in-the middle but we want to get the
> approval from clients/end-users out of band by accepting the terms and
> conditions. The self signed certificates is sort of ok with browsers.
> But many other applications like dropbox sync, AV dat update, vpn ,
> etc fail because of the untrusted certificate. On top of it we have
> some headless devices in our network as well. Since we anyway have
> this information in our terms and conditions we would like to move to
> a trusted chain so that all the applications work as expected..
> Gentlemen,
> I see some users have already asked help/reported bug about the
> same thing like,
> I also see that changes have been done in squid to support this
> behavior as well.
> I followed the steps from this thread for configuration and I
> still dont see the chain information sent to the clients.
> So has the behavior of squid changed in recent times? Or am I
> missing something in my configuration. How to make squid send the
> entire certificate chain to clients? Please help.
> Regards,
> Prasanna
Received on Mon Apr 15 2013 - 05:44:24 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 16 2013 - 12:00:04 MDT