Re: [squid-users] Need help on SSL bump and certificate chain

From: Prasanna Venkateswaran <prascalls_at_gmail.com>
Date: Thu, 11 Apr 2013 22:17:18 +0530

Hi Guy,
         We want to be a man-in-the middle but we want to get the
approval from clients/end-users out of band by accepting the terms and
conditions. The self signed certificates is sort of ok with browsers.
But many other applications like dropbox sync, AV dat update, vpn ,
etc fail because of the untrusted certificate. On top of it we have
some headless devices in our network as well. Since we anyway have
this information in our terms and conditions we would like to move to
a trusted chain so that all the applications work as expected..

Gentlemen,
      I see some users have already asked help/reported bug about the
same thing like,
http://www.squid-cache.org/mail-archive/squid-users/201112/0197.html.

      I also see that changes have been done in squid to support this
behavior as well.
http://www.squid-cache.org/mail-archive/squid-dev/201110/0207.html

     I followed the steps from this thread for configuration and I
still dont see the chain information sent to the clients.
http://www.squid-cache.org/mail-archive/squid-users/201109/0037.html

      So has the behavior of squid changed in recent times? Or am I
missing something in my configuration. How to make squid send the
entire certificate chain to clients? Please help.

Regards,
Prasanna
Received on Thu Apr 11 2013 - 16:47:27 MDT

This archive was generated by hypermail 2.2.0 : Mon Apr 15 2013 - 12:00:05 MDT