On 21/02/2013 11:11 a.m., Guy Helmer wrote:
> On Feb 20, 2013, at 11:30 AM, skylab <skylab11_at_gmail.com> wrote:
>
>> Hi,
>> I'm new in Squid configuration and I have problems with HTTPS sites. I
>> searched a lot but I didn't find a solution.
>> I can't open any https site and I have different error messages in different
>> browsers:
>> - in firefox www.gmail.com returns ssl_error_bad_cert_domain
>> - in chrome www.gmail.com returns "The site's security certificate is
>> not trusted!"
>> - in firefox www.facebook.com returns "The page isn't redirecting
>> properly"
>> - in chrome www.facebook.com returns "This webpage has a redirect loop"
>> (Error 310 net:: ERR_TO_MANY_REDICTS)
>>
>> In cache.log there are these messages:
>> /2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL
>> connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>> unknown ca (1/0)
>> 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL
>> connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>> unknown ca (1/0)
>> 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL
>> connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>> unknown ca (1/0) /
> Because of the "unknown ca" errors, it seems likely that you need to set sslproxy_cafile and/or sslproxy_capath so Squid can validate the server SSL certificates.
>
> Guy
>
And/or the openSSL ca-certificates list is outdated and needs an upgrade.
Amos
Received on Thu Feb 21 2013 - 01:00:30 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 21 2013 - 12:00:04 MST