Re: [squid-users] install verisign intermediate on squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 07 Dec 2013 14:40:58 +1300

On 7/12/2013 6:33 a.m., Stefan Frei wrote:
> Hello there
>
> i somehow fail to install the intermediate ca on my squid...
>
> here the relevant info
>
> https_port someip:443 accel
> cafile=/etc/ssl/certs/verisign.intermediate.ca
> cert=/etc/ssl/certs/somedomain.com.crt
> key=/etc/ssl/private/somedomain.com.key defaultsite=somedomain.com
> vhost
>
>
> and here the content of intermediate ca
>
> (from verisign website)
>
<snip certs>
>
> it looks like the intermediate cert is not passed to the browser
> properly, dont know why.
>
> chrome and firefox version 25 are working, but not version 24 of
> firefox(he doesnt have the intermediate i n its local cache).

That sounds more like a bug in Firefox that got fixed between the
versions. Or the new versions being tested have updated ca-certificates
records.

Anyway, cafile= parameter in Squid is used for verifying *client*
certificates.

Try combining your certificate and the CA chain into one PEM format file
for Squid to load using the cert= parameter.

Amos
Received on Sat Dec 07 2013 - 01:41:06 MST

This archive was generated by hypermail 2.2.0 : Sat Dec 07 2013 - 12:00:04 MST