Re: [squid-users] SSLBump and intermedia CA Certificate.

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 08 Jun 2011 14:52:07 +1200

 On Tue, 07 Jun 2011 11:54:52 +0200, Paweł Mojski wrote:
> Hi all.
>
> Finally I successful implemented ssl-bump with dynamic certificate
> generation feature.
> But, I don't know how to configure squid to use intermediate ca
> certificate.
> I generated Root CA, then using Root CA i signed Intermediate CA
> certificate and now, I want squid to use this Intermediate CA
> Certificate while generating certs for https connections.
> Then I want to import Root CA certificate into Windows PKI to solve
> "Unknown CA" error while surfing https pages.
> How can I do that?

 The client must have a full chain of trust from the root all the way
 down to the end certificate during the transactions. I think you may
 find that signing with an intermediate CA needs to install both the root
 and the intermediate public CA on the clients.

> I'm looking around cafile, capath of ssl-bump options but nothing
> works for me.

 http://wiki.squid-cache.org/Features/SslBump

 To squid there is only the cert PEM you told it to sign with.

 Amos
Received on Wed Jun 08 2011 - 02:52:12 MDT

This archive was generated by hypermail 2.2.0 : Wed Jun 08 2011 - 12:00:03 MDT