fre 2011-10-21 klockan 16:49 +0300 skrev Tsantilas Christos: > With this change, Squid may send the signing certificate (along with the > generated one) using the following rules: > > * If the configured signing certificate is self-signed, > then just send the generated certificate alone. > Note that root CA certificates are self-signed (by root CA). > > * Otherwise (i.e., if the configured signing certificate is an > intermediate CA certificate), send both the intermediate CA > and the generated fake certificate.
To be complete one needs to be able to specify the certificate chain. This because there may be a chain of certificates with more than one intermediary ca level. But the above is a good and reasonable approximation. Regards Henrik
