Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-27 Thread Alex Ray
Disregard, I figured it out. In my helper script I had a mistake in counting the number of chars in my cert/key. Fixed that and now it works. On Mon, Dec 27, 2010 at 1:56 PM, Alex Ray wrote: > Here are logs from /usr/local/squid/var/lib/ssl_db/index.txt > > V       131124202916Z           058BD

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-27 Thread Alex Ray
Here are logs from /usr/local/squid/var/lib/ssl_db/index.txt

V  131124202916Z  058BD142  unknown  /CN=www.microsoft.com-BEGIN CERTIFICATE-
V  131124203005Z  058BD143  unknown  /CN=clients1.google.com-BEGIN CERTIFICATE-
V  131124203006Z

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-27 Thread Amos Jeffries
On 28/12/10 06:42, Alex Ray wrote: Looks like dynamic ssl certs are still broken as of 3.2.0.4: microsoft.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for microsoft.com-BEGIN CERTIFICATE- (Error code:

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-27 Thread Alex Ray
Looks like dynamic ssl certs are still broken as of 3.2.0.4: microsoft.com uses an invalid security certificate. The certificate is not trusted because it is self-signed. The certificate is only valid for microsoft.com-BEGIN CERTIFICATE- (Error code: sec_error_untrusted_issuer)

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-24 Thread Amos Jeffries
On 24/12/10 13:05, Henrik Nordström wrote: Thu 2010-12-23 at 13:56 -0800, Alex Ray wrote: 2010/12/23 13:54:55 kid1| Closing SSL FD 10 as lacking SSL context in the cache.log, and in a browser bounces between Looking Up and Waiting For. That means it failed to dynamically generate the cer

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-24 Thread Amos Jeffries
On 24/12/10 04:15, Alex Ray wrote: When using squid 3.2 beta with ssl-bump and dynamic certificate generation, is it possible to have the generated certificates issued by a trusted CA (trusted on each computer), so that browsers receive neither the "website does not match certificate CN" or "this

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-23 Thread Henrik Nordström
Thu 2010-12-23 at 13:56 -0800, Alex Ray wrote: > 2010/12/23 13:54:55 kid1| Closing SSL FD 10 as lacking SSL context > > in the cache.log, and in a browser bounces between Looking Up and Waiting For. That means it failed to dynamically generate the cert, and since there was no default cert as

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-23 Thread Alex Ray
2010/12/23 Henrik Nordström : > Thu 2010-12-23 at 11:52 -0800, Alex Ray wrote: >> I've written an ad-hoc bash script, ssl_crtd_ca, that acts like the >> following, but doesn't work when dropped in.  Is there some sort of >> spec on how ssl_crtd communicates? > > src/ssl/ssl_crtd.cc is the close

Re: [squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-23 Thread Henrik Nordström
Thu 2010-12-23 at 11:52 -0800, Alex Ray wrote: > I've written an ad-hoc bash script, ssl_crtd_ca, that acts like the > following, but doesn't work when dropped in. Is there some sort of > spec on how ssl_crtd communicates? src/ssl/ssl_crtd.cc is the closest to a spec I think. Why did you nee

[squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-23 Thread Alex Ray
I've written an ad-hoc bash script, ssl_crtd_ca, that acts like the following, but doesn't work when dropped in. Is there some sort of spec on how ssl_crtd communicates?

squid01:/etc/ssl/ssl_crtd_tmp# ssl_crtd_ca -M 4MB -s /usr/local/squid/var/lib/ssl_db
new_certificate 13
host=host.dom
ok 1502 -
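The exchange above has the shape "code, length, newline, body" in both directions ("new_certificate 13" followed by the 13 bytes "host=host.dom"; "ok 1502" followed by the PEM), and the follow-up message in this thread reports that the helper failed because of a mistake in counting the cert/key. The script below is an added example, not Alex's helper and not code from squid: it shows byte-exact framing for that kind of exchange in plain sh and the counting mistake that is easiest to make in a shell helper. It assumes only what the transcript shows (the length counts the bytes of the body that follows the header line); the PEM used in the test is a constructed placeholder, not a real certificate.

```shell
#!/bin/sh
# Added example (not from the thread or from squid): byte-exact framing for a
# "<code> <length>\n<body>" helper exchange like the one in the post.
# Assumption: the length field is the number of BYTES in the body that follows
# the newline, nothing else. The real ssl_crtd protocol lives in src/ssl/ssl_crtd.cc.

# Byte length of a file. This is the number that belongs in the header:
# wc -c counts bytes, whereas ${#var} counts characters (bash) and, when var
# was filled with $(cat file), has already lost the file's trailing newlines.
byte_len() {
    wc -c < "$1" | tr -d ' '
}

# The tempting-but-wrong count: slurp the file into a variable and take its
# length. For a PEM file ending in one newline this is one byte short, so the
# peer reads one byte less than was sent and the next message starts off by one.
wrong_len() {
    v=$(cat "$1")
    printf '%s\n' "${#v}"
}

# Read one request from stdin. Writes the raw body to the file named in $1 and
# prints the requested host name. Returns 1 on a malformed header.
crtd_read_request() {
    read -r code len || return 1
    [ "$code" = "new_certificate" ] || return 1
    case $len in ''|*[!0-9]*) return 1 ;; esac
    head -c "$len" > "$1"           # exactly len bytes, not "the rest of stdin"
    sed -n '1s/^host=//p' "$1"
}

# Write a reply for the PEM file in $1: header with the byte count, then the
# bytes verbatim (cat, not echo, so nothing in the PEM is reinterpreted).
crtd_write_reply() {
    printf 'ok %s\n' "$(byte_len "$1")"
    cat "$1"
}

# Consistency check on a reply saved to a file: the header count must equal
# the number of bytes after the header line.
crtd_reply_consistent() {
    hdr_len=$(head -n 1 "$1" | sed -n 's/^ok //p')
    body_len=$(tail -n +2 "$1" | wc -c | tr -d ' ')
    [ -n "$hdr_len" ] && [ "$hdr_len" -eq "$body_len" ]
}
```

If the helper is run under squid it never sees a terminal, so keep stdout for the framed reply only and send diagnostics to stderr (or cache.log); a stray echo on stdout is another way to make the announced length disagree with what squid reads.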

[squid-users] Squid 3.2 - Dynamic SSL certs that aren't self-signed

2010-12-23 Thread Alex Ray
When using squid 3.2 beta with ssl-bump and dynamic certificate generation, is it possible to have the generated certificates issued by a trusted CA (trusted on each computer), so that browsers receive neither the "website does not match certificate CN" or "this certificate is self-signed/untrusted
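The question above is whether the per-host certificates can be issued by a CA the clients already trust instead of being self-signed, so that browsers raise neither the name-mismatch nor the untrusted-issuer error quoted later in the thread. The script below is an added example, not squid's code and not anything posted in the thread: it builds such a CA with the openssl command-line tool, signs a leaf certificate for one host with it, and runs the two checks a browser effectively performs (chain to the trusted CA; name in the certificate matches the host). The CA name, directory layout and host name are assumptions; it requires openssl to be installed.

```shell
#!/bin/sh
# Added example (not from the thread or from squid): a private CA plus a
# CA-signed per-host certificate, checked the way a browser would check it.
# Assumptions: openssl CLI available; names below are illustrative.

# make_ca DIR: self-signed CA certificate (ca.crt) and its key (ca.key).
# ca.crt is what gets installed as trusted on each client machine; ca.key
# must stay on the proxy, because whoever holds it can impersonate any site
# to every client that trusts ca.crt.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Proxy CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    chmod 600 "$1/ca.key"
}

# sign_host DIR HOST: key + CSR for HOST, signed by the CA in DIR. The CN
# carries the host name (what 2010-era browsers matched) and a subjectAltName
# is added too, since current browsers ignore the CN and require the SAN.
sign_host() {
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$1/$2.ext" \
        -out "$1/$2.crt" 2>/dev/null
}

# verify_host DIR HOST: does the leaf chain to ca.crt? (CA only, not the
# system trust store, which is the situation on a client with ca.crt installed.)
verify_host() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" > /dev/null 2>&1
}

# leaf_cn DIR HOST: the CN the browser compares with the URL host name.
leaf_cn() {
    openssl x509 -in "$1/$2.crt" -noout -subject | sed 's/.*CN *= *//'
}

# leaf_issuer DIR HOST: must be the CA, not the host itself (self-signed).
leaf_issuer() {
    openssl x509 -in "$1/$2.crt" -noout -issuer | sed 's/.*CN *= *//'
}
```

A leaf whose issuer equals its own subject is exactly the "self-signed" certificate the browser complains about in the later messages of this thread; with a CA in the picture the issuer is the CA and only ca.crt needs to be distributed to clients.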