[squid-users] security.use_mozillapkix_verification and squid ssl bump

Hello, Recent version of Firefox made some changes to certificate verification. See here: https://wiki.mozilla.org/SecurityEngineering/Certificate_Verification After this many SSL bumped sites are showing verification error. An error occurred during a connection to s-static.ak.facebook.com.

[squid-users] Re: ONLY Cache certain Websites.

im not able to fix it. Normal websites work. But i cant get it to cache (or even allow access to Windows Update or Kaspersky). Whats i am doin wrong? 2014/08/02 17:05:35| The request GET http://dnl-16.geo.kaspersky.com/updaters/updater.xml is DENIED, because it matched 'localhost' 2014/08/02

[squid-users] Re: kerberos authentication with load balancers

Hi Giorgi, You do not need to renew the keytab every 30 days. It is more a best practice to change them after some period but I think 30 days is a bit too frequent. At the end you need to determine how high the risk is that someone got hold of the keytab to impersonate someone else.