[squid-users] squid3 ssl-bump server errors on some sites.

From: Beto Moreno <pamrtj_at_gmail.com>
Date: Mon, 31 Mar 2014 08:42:33 -0700

Hi.

I finally got squid 3.3.10 ssl-bump working.

I tested on different sites that use https and it works, but after
testing and surfing normally, I started having issues, for example with eBay.

I tried to purchase something and once I tried to pay I received this
error in my browser, Firefox:

The following error was encountered while trying to retrieve the URL:
://checkout.payments.ebay.com:443

Failed to establish a secure connection to site-ip

The system returned:

(92) Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
SSL Certficate error: certificate issuer (CA) not known:
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 Secure Server
CA - G3

This proxy and the remote host failed to negotiate a mutually
acceptable security settings for handling your request. It is possible
that the remote host does not support secure connections, or the proxy
is not satisfied with the host security credentials.

This error appears with Chrome too.

Another issue: I have 2 bank accounts. With 1 bank there is no problem,
I could access my account; with the other I could not. The issue there
is that I didn't receive an error like the one I showed you; the error
was some popup windows that gave some info about my IP, but those are
messages from the app the bank uses. But once I disable ssl-bump
everything goes back to normal with this bank.

I created my CA using pfSense tools.

What is the issue with this error and how could we fix it? Is there a
way to troubleshoot this?

pfsense2.1, squid3.3.10, x64, thanks.
Received on Mon Mar 31 2014 - 15:42:41 MDT
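
The TLS code in the proxy's error page, X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, is OpenSSL verify error 20: the verifier could not find a certificate for the issuer named in the message. The script below is an added example, not part of the original post; it reproduces that error with a constructed root, intermediate and leaf (all names and the `work` directory are made up) and shows it clearing once the intermediate CA certificate is available to the verifier.

```sh
#!/bin/sh
# Constructed chain: Demo Root CA -> Demo Intermediate CA -> leaf (all made up).

# mkcsr DIR NAME SUBJECT: new RSA key and CSR
mkcsr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# build_chain DIR: write root.pem, inter.pem and leaf.pem into DIR
build_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  mkcsr "$d" root  '/CN=Demo Root CA'
  mkcsr "$d" inter '/CN=Demo Intermediate CA'
  mkcsr "$d" leaf  '/CN=shop.example.test'
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# verify_result DIR [EXTRA]: trust only root.pem; EXTRA is an optional file of
# intermediates. Prints OK or the numeric OpenSSL verify error.
verify_result() {
  out=$(openssl verify -CAfile "$1/root.pem" ${2:+-untrusted "$2"} \
    "$1/leaf.pem" 2>&1) || true
  case $out in
    *": OK"*) echo OK ;;
    *) printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
  esac
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_chain "$work"
echo "leaf alone:           $(verify_result "$work")"
echo "leaf + intermediate:  $(verify_result "$work" "$work/inter.pem")"
```
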
