Re: [squid-users] Re: SSLBump, help to configure for 3.1.0.16

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Tue, 23 Feb 2010 10:17:15 +0100

Mon 2010-02-22 at 16:32 -0600, Andres Salazar wrote:
> Thank you guys.
>
> I am now bumping the SSL CONNECT requests.
>
> The only problem is that I am getting various errors like this in the cache.log.
>
> 2010/02/22 17:27:40| clientNegotiateSSL: Error negotiating SSL
> connection on FD 8: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
> alert unknown ca (1/0)

That's clients rejecting the certificate presented by the proxy as they
don't know (or trust) the issuing CA.

For SSLBump to work the way intended you need to install a custom CA in
the browser's trusted CA store.

Regards
Henrik
Received on Tue Feb 23 2010 - 09:17:22 MST
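
The trust failure described in the reply above can be reproduced offline with openssl. This is an added example, not part of the original message or of Squid itself. The CA names, subjects and file paths are constructed for the demo, and `openssl verify` stands in for the browser's chain check.

```shell
#!/bin/sh
# Added illustration; all names, subjects and paths are constructed for the demo.

# Build a throwaway CA (stand-in for the proxy's SSLBump signing CA), an
# unrelated CA (stand-in for what the browser already trusts), and a leaf
# certificate signed by the first one, as the proxy would present to clients.
make_demo_pki() {
    dir=$1
    for ca in bump other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo $ca CA" \
            -keyout "$dir/$ca-ca.key" -out "$dir/$ca-ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/bump-ca.pem" -CAkey "$dir/bump-ca.key" -CAcreateserial \
        -out "$dir/leaf.pem" 2>/dev/null
}

# The check a TLS client performs on the presented certificate: does it chain
# to a CA in the given trust store file? Prints "trusted" or "unknown ca".
client_verdict() {
    store=$1 cert=$2
    if openssl verify -CAfile "$store" "$cert" >/dev/null 2>&1; then
        echo "trusted"
    else
        echo "unknown ca"
    fi
}

demo() {
    work=$(mktemp -d) || return 1
    make_demo_pki "$work" || { rm -rf "$work"; return 1; }
    # Before: the client's store holds only the unrelated CA.
    cp "$work/other-ca.pem" "$work/store.pem"
    before=$(client_verdict "$work/store.pem" "$work/leaf.pem")
    # After: the proxy's CA certificate (never its key) is added to the store.
    cat "$work/bump-ca.pem" >> "$work/store.pem"
    after=$(client_verdict "$work/store.pem" "$work/leaf.pem")
    rm -rf "$work"
    echo "before=$before after=$after"
}

demo
```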
