Re: [squid-users] SQUID3 and https: Error negotiating SSL connection

From: Guy Helmer <guy.helmer_at_palisadesystems.com>
Date: Wed, 20 Feb 2013 16:11:32 -0600

On Feb 20, 2013, at 11:30 AM, skylab <skylab11_at_gmail.com> wrote:

> Hi,
> I'm new to Squid configuration and I have problems with HTTPS sites. I
> searched a lot but I didn't find a solution.
> I can't open any https site and I have different error messages in different
> browsers:
> - in firefox www.gmail.com returns ssl_error_bad_cert_domain
> - in chrome www.gmail.com returns "The site's security certificate is
> not trusted!"
> - in firefox www.facebook.com returns "The page isn't redirecting
> properly"
> - in chrome www.facebook.com returns "This webpage has a redirect loop"
> (Error 310 net:: ERR_TO_MANY_REDICTS)
>
> In cache.log there are these messages:
> 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL
> connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca (1/0)
> 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL
> connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca (1/0)
> 2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL
> connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca (1/0)

Because of the "unknown ca" errors, it seems likely that you need to set sslproxy_cafile and/or sslproxy_capath so Squid can validate the server SSL certificates.

Guy
Received on Wed Feb 20 2013 - 22:11:48 MST
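
Added example, not part of the original thread: a small Python parser for the cache.log lines quoted above that unpacks the OpenSSL error code in each `clientNegotiateSSL` line and names the TLS alert it records. It assumes the OpenSSL 1.x error-code layout (8-bit library, 12-bit function, 12-bit reason); the function names and the sample list are this example's own.

```python
import re
from collections import Counter

# TLS alert numbers (RFC 5246, section 7.2) that concern certificates.
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\| clientNegotiateSSL: "
    r"Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib_name>[^:]+):(?P<func_name>[^:]+):"
    r"(?P<reason_text>.+?) \(\d+/-?\d+\)$")

def decode_openssl_error(code_hex):
    """Unpack an OpenSSL 1.x error code: 8-bit lib, 12-bit func, 12-bit reason."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # In the SSL library (lib 20), reason 1000 + N records TLS alert N
    # received from the peer.
    alert = reason - 1000 if lib == 20 and 1000 <= reason <= 1255 else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert}

def parse_line(line):
    """Return a dict for a clientNegotiateSSL error line, or None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec.update(decode_openssl_error(rec["code"]))
    rec["alert_name"] = CERT_ALERTS.get(rec["alert"])
    return rec

def summarize(lines):
    """Count failures by decoded alert name, falling back to the reason text."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            counts[rec["alert_name"] or rec["reason_text"]] += 1
    return counts

# The log line from the post, rejoined onto one line, plus one constructed
# unrelated line that the parser must skip.
POSTED = ("2013/02/19 16:02:15| clientNegotiateSSL: Error negotiating SSL "
          "connection on FD 16: error:14094418:SSL routines:SSL3_READ_BYTES:"
          "tlsv1 alert unknown ca (1/0)")
SAMPLE = [POSTED, POSTED, POSTED, "2013/02/19 16:02:16| constructed unrelated line"]

if __name__ == "__main__":
    for name, n in summarize(SAMPLE).items():
        print(f"{n} x {name}")
```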
